diff --git a/generated/aws_accessanalyzer_api/README.md b/generated/aws_accessanalyzer_api/README.md
index 19f2de2bf..1b84e6e51 100644
--- a/generated/aws_accessanalyzer_api/README.md
+++ b/generated/aws_accessanalyzer_api/README.md
@@ -3,18 +3,21 @@
**Generated Dart library from API specification**
*About the service:*
-AWS IAM Access Analyzer helps identify potential resource-access risks by
-enabling you to identify any policies that grant access to an external
-principal. It does this by using logic-based reasoning to analyze
-resource-based policies in your AWS environment. An external principal can
-be another AWS account, a root user, an IAM user or role, a federated user,
-an AWS service, or an anonymous user. This guide describes the AWS IAM
+Identity and Access Management Access Analyzer helps identify potential
+resource-access risks by enabling you to identify any policies that grant
+access to an external principal. It does this by using logic-based reasoning
+to analyze resource-based policies in your Amazon Web Services environment.
+An external principal can be another Amazon Web Services account, a root
+user, an IAM user or role, a federated user, an Amazon Web Services service,
+or an anonymous user. You can also use IAM Access Analyzer to preview and
+validate public and cross-account access to your resources before deploying
+permissions changes. This guide describes the Identity and Access Management
Access Analyzer operations that you can call programmatically. For general
-information about Access Analyzer, see AWS
-IAM Access Analyzer in the IAM User Guide.
+information about IAM Access Analyzer, see Identity
+and Access Management Access Analyzer in the IAM User Guide.
-To start using Access Analyzer, you first need to create an analyzer.
+To start using IAM Access Analyzer, you first need to create an analyzer.
## Links
diff --git a/generated/aws_accessanalyzer_api/lib/accessanalyzer-2019-11-01.dart b/generated/aws_accessanalyzer_api/lib/accessanalyzer-2019-11-01.dart
index eb9bc92bc..cc847855d 100644
--- a/generated/aws_accessanalyzer_api/lib/accessanalyzer-2019-11-01.dart
+++ b/generated/aws_accessanalyzer_api/lib/accessanalyzer-2019-11-01.dart
@@ -18,18 +18,21 @@ import 'package:shared_aws_api/shared.dart'
export 'package:shared_aws_api/shared.dart' show AwsClientCredentials;
-/// AWS IAM Access Analyzer helps identify potential resource-access risks by
-/// enabling you to identify any policies that grant access to an external
-/// principal. It does this by using logic-based reasoning to analyze
-/// resource-based policies in your AWS environment. An external principal can
-/// be another AWS account, a root user, an IAM user or role, a federated user,
-/// an AWS service, or an anonymous user. This guide describes the AWS IAM
+/// Identity and Access Management Access Analyzer helps identify potential
+/// resource-access risks by enabling you to identify any policies that grant
+/// access to an external principal. It does this by using logic-based reasoning
+/// to analyze resource-based policies in your Amazon Web Services environment.
+/// An external principal can be another Amazon Web Services account, a root
+/// user, an IAM user or role, a federated user, an Amazon Web Services service,
+/// or an anonymous user. You can also use IAM Access Analyzer to preview and
+/// validate public and cross-account access to your resources before deploying
+/// permissions changes. This guide describes the Identity and Access Management
/// Access Analyzer operations that you can call programmatically. For general
-/// information about Access Analyzer, see AWS
-/// IAM Access Analyzer in the IAM User Guide.
+/// information about IAM Access Analyzer, see Identity
+/// and Access Management Access Analyzer in the IAM User Guide.
///
-/// To start using Access Analyzer, you first need to create an analyzer.
+/// To start using IAM Access Analyzer, you first need to create an analyzer.
class AccessAnalyzer {
final _s.RestJsonProtocol _protocol;
AccessAnalyzer({
@@ -94,6 +97,75 @@ class AccessAnalyzer {
);
}
+ /// Cancels the requested policy generation.
+ ///
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [jobId] :
+ /// The JobId
that is returned by the
+ /// StartPolicyGeneration
operation. The JobId
can
+ /// be used with GetGeneratedPolicy
to retrieve the generated
+ /// policies or used with CancelPolicyGeneration
to cancel the
+ /// policy generation request.
+ Future cancelPolicyGeneration({
+ required String jobId,
+ }) async {
+ final response = await _protocol.send(
+ payload: null,
+ method: 'PUT',
+ requestUri: '/policy/generation/${Uri.encodeComponent(jobId)}',
+ exceptionFnMap: _exceptionFns,
+ );
+ }
+
+ /// Creates an access preview that allows you to preview IAM Access Analyzer
+ /// findings for your resource before deploying resource permissions.
+ ///
+ /// May throw [ResourceNotFoundException].
+ /// May throw [ConflictException].
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ServiceQuotaExceededException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [analyzerArn] :
+ /// The ARN
+ /// of the account analyzer used to generate the access preview. You can
+ /// only create an access preview for analyzers with an Account
+ /// type and Active
status.
+ ///
+ /// Parameter [configurations] :
+ /// Access control configuration for your resource that is used to generate
+ /// the access preview. The access preview includes findings for external
+ /// access allowed to the resource with the proposed access control
+ /// configuration. The configuration must contain exactly one element.
+ ///
+ /// Parameter [clientToken] :
+ /// A client token.
+ Future createAccessPreview({
+ required String analyzerArn,
+ required Map configurations,
+ String? clientToken,
+ }) async {
+ final $payload = {
+ 'analyzerArn': analyzerArn,
+ 'configurations': configurations,
+ 'clientToken': clientToken ?? _s.generateIdempotencyToken(),
+ };
+ final response = await _protocol.send(
+ payload: $payload,
+ method: 'PUT',
+ requestUri: '/access-preview',
+ exceptionFnMap: _exceptionFns,
+ );
+ return CreateAccessPreviewResponse.fromJson(response);
+ }
+
/// Creates an analyzer for your account.
///
/// May throw [ConflictException].
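Review bot: `cancelPolicyGeneration` interpolates `jobId` into `'/policy/generation/${Uri.encodeComponent(jobId)}'` without rejecting an empty string, so `jobId: ''` produces a PUT to `/policy/generation/`, which differs from the `startPolicyGeneration` route only by the trailing slash; how the service routes that request is not visible here. A guard before the send, `if (jobId.isEmpty) throw ArgumentError.value(jobId, 'jobId', 'must not be empty');`, keeps the mistake on the client. The same applies in later hunks to `accessPreviewId` in `getAccessPreview` and `listAccessPreviewFindings`, and to `jobId` in `getGeneratedPolicy`. Separately, the [clientToken] doc on `createAccessPreview` ("A client token.") should say that `clientToken ?? _s.generateIdempotencyToken()` creates a new token on each call, so a caller that retries without passing its own token gets no idempotency. The file is under `generated/`, so both changes belong in the generator template rather than in this file.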
@@ -107,8 +179,9 @@ class AccessAnalyzer {
/// The name of the analyzer to create.
///
/// Parameter [type] :
- /// The type of analyzer to create. Only ACCOUNT analyzers are supported. You
- /// can create only one analyzer per account per Region.
+ /// The type of analyzer to create. Only ACCOUNT and ORGANIZATION analyzers
+ /// are supported. You can create only one analyzer per account per Region.
+ /// You can create up to 5 analyzers per organization per Region.
///
/// Parameter [archiveRules] :
/// Specifies the archive rules to add for the analyzer. Archive rules
@@ -147,6 +220,11 @@ class AccessAnalyzer {
/// automatically archive new findings that meet the criteria you define when
/// you create the rule.
///
+ /// To learn about filter keys that you can use to create an archive rule, see
+ /// IAM
+ /// Access Analyzer filter keys in the IAM User Guide.
+ ///
/// May throw [ResourceNotFoundException].
/// May throw [ConflictException].
/// May throw [ValidationException].
@@ -185,10 +263,10 @@ class AccessAnalyzer {
);
}
- /// Deletes the specified analyzer. When you delete an analyzer, Access
- /// Analyzer is disabled for the account in the current or specific Region.
- /// All findings that were generated by the analyzer are deleted. You cannot
- /// undo this action.
+ /// Deletes the specified analyzer. When you delete an analyzer, IAM Access
+ /// Analyzer is disabled for the account or organization in the current or
+ /// specific Region. All findings that were generated by the analyzer are
+ /// deleted. You cannot undo this action.
///
/// May throw [ResourceNotFoundException].
/// May throw [ValidationException].
@@ -251,6 +329,38 @@ class AccessAnalyzer {
);
}
+ /// Retrieves information about an access preview for the specified analyzer.
+ ///
+ /// May throw [ResourceNotFoundException].
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [accessPreviewId] :
+ /// The unique ID for the access preview.
+ ///
+ /// Parameter [analyzerArn] :
+ /// The ARN
+ /// of the analyzer used to generate the access preview.
+ Future getAccessPreview({
+ required String accessPreviewId,
+ required String analyzerArn,
+ }) async {
+ final $query = >{
+ 'analyzerArn': [analyzerArn],
+ };
+ final response = await _protocol.send(
+ payload: null,
+ method: 'GET',
+ requestUri: '/access-preview/${Uri.encodeComponent(accessPreviewId)}',
+ queryParams: $query,
+ exceptionFnMap: _exceptionFns,
+ );
+ return GetAccessPreviewResponse.fromJson(response);
+ }
+
/// Retrieves information about a resource that was analyzed.
///
/// May throw [ResourceNotFoundException].
@@ -260,7 +370,9 @@ class AccessAnalyzer {
/// May throw [AccessDeniedException].
///
/// Parameter [analyzerArn] :
- /// The ARN of the analyzer to retrieve information from.
+ /// The ARN
+ /// of the analyzer to retrieve information from.
///
/// Parameter [resourceArn] :
/// The ARN of the resource to retrieve information about.
@@ -308,8 +420,8 @@ class AccessAnalyzer {
///
/// To learn about filter keys that you can use to create an archive rule, see
/// Access
- /// Analyzer filter keys in the IAM User Guide.
+ /// href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM
+ /// Access Analyzer filter keys in the IAM User Guide.
///
/// May throw [ResourceNotFoundException].
/// May throw [ValidationException].
@@ -345,7 +457,9 @@ class AccessAnalyzer {
/// May throw [AccessDeniedException].
///
/// Parameter [analyzerArn] :
- /// The ARN of the analyzer that generated the finding.
+ /// The ARN
+ /// of the analyzer that generated the finding.
///
/// Parameter [id] :
/// The ID of the finding to retrieve.
@@ -366,6 +480,144 @@ class AccessAnalyzer {
return GetFindingResponse.fromJson(response);
}
+ /// Retrieves the policy that was generated using
+ /// StartPolicyGeneration
.
+ ///
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [jobId] :
+ /// The JobId
that is returned by the
+ /// StartPolicyGeneration
operation. The JobId
can
+ /// be used with GetGeneratedPolicy
to retrieve the generated
+ /// policies or used with CancelPolicyGeneration
to cancel the
+ /// policy generation request.
+ ///
+ /// Parameter [includeResourcePlaceholders] :
+ /// The level of detail that you want to generate. You can specify whether to
+ /// generate policies with placeholders for resource ARNs for actions that
+ /// support resource level granularity in policies.
+ ///
+ /// For example, in the resource section of a policy, you can receive a
+ /// placeholder such as "Resource":"arn:aws:s3:::${BucketName}"
+ /// instead of "*"
.
+ ///
+ /// Parameter [includeServiceLevelTemplate] :
+ /// The level of detail that you want to generate. You can specify whether to
+ /// generate service-level policies.
+ ///
+ /// IAM Access Analyzer uses iam:servicelastaccessed
to identify
+ /// services that have been used recently to create this service-level
+ /// template.
+ Future getGeneratedPolicy({
+ required String jobId,
+ bool? includeResourcePlaceholders,
+ bool? includeServiceLevelTemplate,
+ }) async {
+ final $query = >{
+ if (includeResourcePlaceholders != null)
+ 'includeResourcePlaceholders': [includeResourcePlaceholders.toString()],
+ if (includeServiceLevelTemplate != null)
+ 'includeServiceLevelTemplate': [includeServiceLevelTemplate.toString()],
+ };
+ final response = await _protocol.send(
+ payload: null,
+ method: 'GET',
+ requestUri: '/policy/generation/${Uri.encodeComponent(jobId)}',
+ queryParams: $query,
+ exceptionFnMap: _exceptionFns,
+ );
+ return GetGeneratedPolicyResponse.fromJson(response);
+ }
+
+ /// Retrieves a list of access preview findings generated by the specified
+ /// access preview.
+ ///
+ /// May throw [ResourceNotFoundException].
+ /// May throw [ConflictException].
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [accessPreviewId] :
+ /// The unique ID for the access preview.
+ ///
+ /// Parameter [analyzerArn] :
+ /// The ARN
+ /// of the analyzer used to generate the access.
+ ///
+ /// Parameter [filter] :
+ /// Criteria to filter the returned findings.
+ ///
+ /// Parameter [maxResults] :
+ /// The maximum number of results to return in the response.
+ ///
+ /// Parameter [nextToken] :
+ /// A token used for pagination of results returned.
+ Future listAccessPreviewFindings({
+ required String accessPreviewId,
+ required String analyzerArn,
+ Map? filter,
+ int? maxResults,
+ String? nextToken,
+ }) async {
+ final $payload = {
+ 'analyzerArn': analyzerArn,
+ if (filter != null) 'filter': filter,
+ if (maxResults != null) 'maxResults': maxResults,
+ if (nextToken != null) 'nextToken': nextToken,
+ };
+ final response = await _protocol.send(
+ payload: $payload,
+ method: 'POST',
+ requestUri: '/access-preview/${Uri.encodeComponent(accessPreviewId)}',
+ exceptionFnMap: _exceptionFns,
+ );
+ return ListAccessPreviewFindingsResponse.fromJson(response);
+ }
+
+ /// Retrieves a list of access previews for the specified analyzer.
+ ///
+ /// May throw [ResourceNotFoundException].
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [analyzerArn] :
+ /// The ARN
+ /// of the analyzer used to generate the access preview.
+ ///
+ /// Parameter [maxResults] :
+ /// The maximum number of results to return in the response.
+ ///
+ /// Parameter [nextToken] :
+ /// A token used for pagination of results returned.
+ Future listAccessPreviews({
+ required String analyzerArn,
+ int? maxResults,
+ String? nextToken,
+ }) async {
+ final $query = >{
+ 'analyzerArn': [analyzerArn],
+ if (maxResults != null) 'maxResults': [maxResults.toString()],
+ if (nextToken != null) 'nextToken': [nextToken],
+ };
+ final response = await _protocol.send(
+ payload: null,
+ method: 'GET',
+ requestUri: '/access-preview',
+ queryParams: $query,
+ exceptionFnMap: _exceptionFns,
+ );
+ return ListAccessPreviewsResponse.fromJson(response);
+ }
+
/// Retrieves a list of resources of the specified type that have been
/// analyzed by the specified analyzer..
///
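Review bot: `listAccessPreviewFindings` and `listAccessPreviews` forward `maxResults` unchecked, while `listPolicyGenerations` in a later hunk calls `_s.validateNumRange('maxResults', maxResults, 1, 1152921504606846976)`; the three paginated calls should agree. If the difference comes from the API model (likely, but not visible here), a one-line comment such as `// maxResults has no range in the service model; validated server-side.` would stop readers from treating the missing check as an oversight. Otherwise add the same lower-bound check, so that zero or negative page sizes fail before the request is sent. The upper bound of 1152921504606846976 on `listPolicyGenerations` is effectively no limit, so callers that need a bounded page size still have to apply their own cap.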
@@ -376,7 +628,9 @@ class AccessAnalyzer {
/// May throw [AccessDeniedException].
///
/// Parameter [analyzerArn] :
- /// The ARN of the analyzer to retrieve a list of analyzed resources from.
+ /// The ARN
+ /// of the analyzer to retrieve a list of analyzed resources from.
///
/// Parameter [maxResults] :
/// The maximum number of results to return in the response.
@@ -478,10 +732,10 @@ class AccessAnalyzer {
/// Retrieves a list of findings generated by the specified analyzer.
///
- /// To learn about filter keys that you can use to create an archive rule, see
- /// Access
- /// Analyzer filter keys in the IAM User Guide.
+ /// To learn about filter keys that you can use to retrieve a list of
+ /// findings, see IAM
+ /// Access Analyzer filter keys in the IAM User Guide.
///
/// May throw [ResourceNotFoundException].
/// May throw [ValidationException].
@@ -490,7 +744,9 @@ class AccessAnalyzer {
/// May throw [AccessDeniedException].
///
/// Parameter [analyzerArn] :
- /// The ARN of the analyzer to retrieve findings from.
+ /// The ARN
+ /// of the analyzer to retrieve findings from.
///
/// Parameter [filter] :
/// A filter to match for the findings to return.
@@ -526,6 +782,49 @@ class AccessAnalyzer {
return ListFindingsResponse.fromJson(response);
}
+ /// Lists all of the policy generations requested in the last seven days.
+ ///
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [maxResults] :
+ /// The maximum number of results to return in the response.
+ ///
+ /// Parameter [nextToken] :
+ /// A token used for pagination of results returned.
+ ///
+ /// Parameter [principalArn] :
+ /// The ARN of the IAM entity (user or role) for which you are generating a
+ /// policy. Use this with ListGeneratedPolicies
to filter the
+ /// results to only include results for a specific principal.
+ Future listPolicyGenerations({
+ int? maxResults,
+ String? nextToken,
+ String? principalArn,
+ }) async {
+ _s.validateNumRange(
+ 'maxResults',
+ maxResults,
+ 1,
+ 1152921504606846976,
+ );
+ final $query = >{
+ if (maxResults != null) 'maxResults': [maxResults.toString()],
+ if (nextToken != null) 'nextToken': [nextToken],
+ if (principalArn != null) 'principalArn': [principalArn],
+ };
+ final response = await _protocol.send(
+ payload: null,
+ method: 'GET',
+ requestUri: '/policy/generation',
+ queryParams: $query,
+ exceptionFnMap: _exceptionFns,
+ );
+ return ListPolicyGenerationsResponse.fromJson(response);
+ }
+
/// Retrieves a list of tags applied to the specified resource.
///
/// May throw [ResourceNotFoundException].
@@ -548,6 +847,52 @@ class AccessAnalyzer {
return ListTagsForResourceResponse.fromJson(response);
}
+ /// Starts the policy generation request.
+ ///
+ /// May throw [ConflictException].
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ServiceQuotaExceededException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [policyGenerationDetails] :
+ /// Contains the ARN of the IAM entity (user or role) for which you are
+ /// generating a policy.
+ ///
+ /// Parameter [clientToken] :
+ /// A unique, case-sensitive identifier that you provide to ensure the
+ /// idempotency of the request. Idempotency ensures that an API request
+ /// completes only once. With an idempotent request, if the original request
+ /// completes successfully, the subsequent retries with the same client token
+ /// return the result from the original successful request and they have no
+ /// additional effect.
+ ///
+ /// If you do not specify a client token, one is automatically generated by
+ /// the Amazon Web Services SDK.
+ ///
+ /// Parameter [cloudTrailDetails] :
+ /// A CloudTrailDetails
object that contains details about a
+ /// Trail
that you want to analyze to generate policies.
+ Future startPolicyGeneration({
+ required PolicyGenerationDetails policyGenerationDetails,
+ String? clientToken,
+ CloudTrailDetails? cloudTrailDetails,
+ }) async {
+ final $payload = {
+ 'policyGenerationDetails': policyGenerationDetails,
+ 'clientToken': clientToken ?? _s.generateIdempotencyToken(),
+ if (cloudTrailDetails != null) 'cloudTrailDetails': cloudTrailDetails,
+ };
+ final response = await _protocol.send(
+ payload: $payload,
+ method: 'PUT',
+ requestUri: '/policy/generation',
+ exceptionFnMap: _exceptionFns,
+ );
+ return StartPolicyGenerationResponse.fromJson(response);
+ }
+
/// Immediately starts a scan of the policies applied to the specified
/// resource.
///
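Review bot: `startPolicyGeneration` places the `policyGenerationDetails` and `cloudTrailDetails` objects directly into `$payload`, so the request presumably serializes only if both classes define `toJson()`. Their definitions are outside this hunk, and the model classes visible later in the diff (`AccessPreview`, `AccessPreviewFinding`) show only `fromJson`. Please confirm that the input shapes get a `toJson()`, and likewise the `configurations` map values passed by `createAccessPreview`. A doc line on each input class, for example `/// Sent as a request body; serialized through [toJson].`, would make this checkable from the class itself.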
@@ -558,18 +903,28 @@ class AccessAnalyzer {
/// May throw [AccessDeniedException].
///
/// Parameter [analyzerArn] :
- /// The ARN of the analyzer to use to scan the policies applied to the
- /// specified resource.
+ /// The ARN
+ /// of the analyzer to use to scan the policies applied to the specified
+ /// resource.
///
/// Parameter [resourceArn] :
/// The ARN of the resource to scan.
+ ///
+ /// Parameter [resourceOwnerAccount] :
+ /// The Amazon Web Services account ID that owns the resource. For most Amazon
+ /// Web Services resources, the owning account is the account in which the
+ /// resource was created.
Future startResourceScan({
required String analyzerArn,
required String resourceArn,
+ String? resourceOwnerAccount,
}) async {
final $payload = {
'analyzerArn': analyzerArn,
'resourceArn': resourceArn,
+ if (resourceOwnerAccount != null)
+ 'resourceOwnerAccount': resourceOwnerAccount,
};
await _protocol.send(
payload: $payload,
@@ -684,7 +1039,9 @@ class AccessAnalyzer {
/// May throw [AccessDeniedException].
///
/// Parameter [analyzerArn] :
- /// The ARN of the analyzer that generated the findings to update.
+ /// The ARN
+ /// of the analyzer that generated the findings to update.
///
/// Parameter [status] :
/// The state represents the action to take to update the finding Status. Use
@@ -721,24 +1078,499 @@ class AccessAnalyzer {
exceptionFnMap: _exceptionFns,
);
}
+
+ /// Requests the validation of a policy and returns a list of findings. The
+ /// findings help you identify issues and provide actionable recommendations
+ /// to resolve the issue and enable you to author functional policies that
+ /// meet security best practices.
+ ///
+ /// May throw [ValidationException].
+ /// May throw [InternalServerException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ ///
+ /// Parameter [policyDocument] :
+ /// The JSON policy document to use as the content for the policy.
+ ///
+ /// Parameter [policyType] :
+ /// The type of policy to validate. Identity policies grant permissions to IAM
+ /// principals. Identity policies include managed and inline policies for IAM
+ /// roles, users, and groups. They also include service-control policies
+ /// (SCPs) that are attached to an Amazon Web Services organization,
+ /// organizational unit (OU), or an account.
+ ///
+ /// Resource policies grant permissions on Amazon Web Services resources.
+ /// Resource policies include trust policies for IAM roles and bucket policies
+ /// for Amazon S3 buckets. You can provide a generic input such as identity
+ /// policy or resource policy or a specific input such as managed policy or
+ /// Amazon S3 bucket policy.
+ ///
+ /// Parameter [locale] :
+ /// The locale to use for localizing the findings.
+ ///
+ /// Parameter [maxResults] :
+ /// The maximum number of results to return in the response.
+ ///
+ /// Parameter [nextToken] :
+ /// A token used for pagination of results returned.
+ ///
+ /// Parameter [validatePolicyResourceType] :
+ /// The type of resource to attach to your resource policy. Specify a value
+ /// for the policy validation resource type only if the policy type is
+ /// RESOURCE_POLICY
. For example, to validate a resource policy
+ /// to attach to an Amazon S3 bucket, you can choose
+ /// AWS::S3::Bucket
for the policy validation resource type.
+ ///
+ /// For resource types not supported as valid values, IAM Access Analyzer runs
+ /// policy checks that apply to all resource policies. For example, to
+ /// validate a resource policy to attach to a KMS key, do not specify a value
+ /// for the policy validation resource type and IAM Access Analyzer will run
+ /// policy checks that apply to all resource policies.
+ Future validatePolicy({
+ required String policyDocument,
+ required PolicyType policyType,
+ Locale? locale,
+ int? maxResults,
+ String? nextToken,
+ ValidatePolicyResourceType? validatePolicyResourceType,
+ }) async {
+ final $query = >{
+ if (maxResults != null) 'maxResults': [maxResults.toString()],
+ if (nextToken != null) 'nextToken': [nextToken],
+ };
+ final $payload = {
+ 'policyDocument': policyDocument,
+ 'policyType': policyType.toValue(),
+ if (locale != null) 'locale': locale.toValue(),
+ if (validatePolicyResourceType != null)
+ 'validatePolicyResourceType': validatePolicyResourceType.toValue(),
+ };
+ final response = await _protocol.send(
+ payload: $payload,
+ method: 'POST',
+ requestUri: '/policy/validation',
+ queryParams: $query,
+ exceptionFnMap: _exceptionFns,
+ );
+ return ValidatePolicyResponse.fromJson(response);
+ }
}
-/// Contains details about the analyzed resource.
-class AnalyzedResource {
- /// The time at which the resource was analyzed.
- final DateTime analyzedAt;
+/// Contains information about an access preview.
+class AccessPreview {
+ /// The ARN of the analyzer used to generate the access preview.
+ final String analyzerArn;
- /// The time at which the finding was created.
+ /// A map of resource ARNs for the proposed resource configuration.
+ final Map configurations;
+
+ /// The time at which the access preview was created.
final DateTime createdAt;
- /// Indicates whether the policy that generated the finding grants public access
- /// to the resource.
- final bool isPublic;
+ /// The unique ID for the access preview.
+ final String id;
- /// The ARN of the resource that was analyzed.
+ /// The status of the access preview.
+ ///
+ ///
+ /// -
+ ///
Creating
- The access preview creation is in progress.
+ ///
+ /// -
+ ///
Completed
- The access preview is complete. You can preview
+ /// findings for external access to the resource.
+ ///
+ /// -
+ ///
Failed
- The access preview creation has failed.
+ ///
+ ///
+ final AccessPreviewStatus status;
+
+ /// Provides more details about the current status of the access preview.
+ ///
+ /// For example, if the creation of the access preview fails, a
+ /// Failed
status is returned. This failure can be due to an
+ /// internal issue with the analysis or due to an invalid resource
+ /// configuration.
+ final AccessPreviewStatusReason? statusReason;
+
+ AccessPreview({
+ required this.analyzerArn,
+ required this.configurations,
+ required this.createdAt,
+ required this.id,
+ required this.status,
+ this.statusReason,
+ });
+
+ factory AccessPreview.fromJson(Map json) {
+ return AccessPreview(
+ analyzerArn: json['analyzerArn'] as String,
+ configurations: (json['configurations'] as Map).map(
+ (k, e) =>
+ MapEntry(k, Configuration.fromJson(e as Map))),
+ createdAt: nonNullableTimeStampFromJson(json['createdAt'] as Object),
+ id: json['id'] as String,
+ status: (json['status'] as String).toAccessPreviewStatus(),
+ statusReason: json['statusReason'] != null
+ ? AccessPreviewStatusReason.fromJson(
+ json['statusReason'] as Map)
+ : null,
+ );
+ }
+}
+
+/// An access preview finding generated by the access preview.
+class AccessPreviewFinding {
+ /// Provides context on how the access preview finding compares to existing
+ /// access identified in IAM Access Analyzer.
+ ///
+ ///
+ /// -
+ ///
New
- The finding is for newly-introduced access.
+ ///
+ /// -
+ ///
Unchanged
- The preview finding is an existing finding that
+ /// would remain unchanged.
+ ///
+ /// -
+ ///
Changed
- The preview finding is an existing finding with a
+ /// change in status.
+ ///
+ ///
+ /// For example, a Changed
finding with preview status
+ /// Resolved
and existing status Active
indicates the
+ /// existing Active
finding would become Resolved
as a
+ /// result of the proposed permissions change.
+ final FindingChangeType changeType;
+
+ /// The time at which the access preview finding was created.
+ final DateTime createdAt;
+
+ /// The ID of the access preview finding. This ID uniquely identifies the
+ /// element in the list of access preview findings and is not related to the
+ /// finding ID in Access Analyzer.
+ final String id;
+
+ /// The Amazon Web Services account ID that owns the resource. For most Amazon
+ /// Web Services resources, the owning account is the account in which the
+ /// resource was created.
+ final String resourceOwnerAccount;
+
+ /// The type of the resource that can be accessed in the finding.
+ final ResourceType resourceType;
+
+ /// The preview status of the finding. This is what the status of the finding
+ /// would be after permissions deployment. For example, a Changed
+ /// finding with preview status Resolved
and existing status
+ /// Active
indicates the existing Active
finding would
+ /// become Resolved
as a result of the proposed permissions change.
+ final FindingStatus status;
+
+ /// The action in the analyzed policy statement that an external principal has
+ /// permission to perform.
+ final List? action;
+
+ /// The condition in the analyzed policy statement that resulted in a finding.
+ final Map? condition;
+
+ /// An error.
+ final String? error;
+
+ /// The existing ID of the finding in IAM Access Analyzer, provided only for
+ /// existing findings.
+ final String? existingFindingId;
+
+ /// The existing status of the finding, provided only for existing findings.
+ final FindingStatus? existingFindingStatus;
+
+ /// Indicates whether the policy that generated the finding allows public access
+ /// to the resource.
+ final bool? isPublic;
+
+ /// The external principal that has access to a resource within the zone of
+ /// trust.
+ final Map? principal;
+
+ /// The resource that an external principal has access to. This is the resource
+ /// associated with the access preview.
+ final String? resource;
+
+ /// The sources of the finding. This indicates how the access that generated the
+ /// finding is granted. It is populated for Amazon S3 bucket findings.
+ final List? sources;
+
+ AccessPreviewFinding({
+ required this.changeType,
+ required this.createdAt,
+ required this.id,
+ required this.resourceOwnerAccount,
+ required this.resourceType,
+ required this.status,
+ this.action,
+ this.condition,
+ this.error,
+ this.existingFindingId,
+ this.existingFindingStatus,
+ this.isPublic,
+ this.principal,
+ this.resource,
+ this.sources,
+ });
+
+ factory AccessPreviewFinding.fromJson(Map json) {
+ return AccessPreviewFinding(
+ changeType: (json['changeType'] as String).toFindingChangeType(),
+ createdAt: nonNullableTimeStampFromJson(json['createdAt'] as Object),
+ id: json['id'] as String,
+ resourceOwnerAccount: json['resourceOwnerAccount'] as String,
+ resourceType: (json['resourceType'] as String).toResourceType(),
+ status: (json['status'] as String).toFindingStatus(),
+ action: (json['action'] as List?)
+ ?.whereNotNull()
+ .map((e) => e as String)
+ .toList(),
+ condition: (json['condition'] as Map?)
+ ?.map((k, e) => MapEntry(k, e as String)),
+ error: json['error'] as String?,
+ existingFindingId: json['existingFindingId'] as String?,
+ existingFindingStatus:
+ (json['existingFindingStatus'] as String?)?.toFindingStatus(),
+ isPublic: json['isPublic'] as bool?,
+ principal: (json['principal'] as Map?)
+ ?.map((k, e) => MapEntry(k, e as String)),
+ resource: json['resource'] as String?,
+ sources: (json['sources'] as List?)
+ ?.whereNotNull()
+ .map((e) => FindingSource.fromJson(e as Map))
+ .toList(),
+ );
+ }
+}
+
+enum AccessPreviewStatus {
+ completed,
+ creating,
+ failed,
+}
+
+extension AccessPreviewStatusValueExtension on AccessPreviewStatus {
+ String toValue() {
+ switch (this) {
+ case AccessPreviewStatus.completed:
+ return 'COMPLETED';
+ case AccessPreviewStatus.creating:
+ return 'CREATING';
+ case AccessPreviewStatus.failed:
+ return 'FAILED';
+ }
+ }
+}
+
+extension AccessPreviewStatusFromString on String {
+ AccessPreviewStatus toAccessPreviewStatus() {
+ switch (this) {
+ case 'COMPLETED':
+ return AccessPreviewStatus.completed;
+ case 'CREATING':
+ return AccessPreviewStatus.creating;
+ case 'FAILED':
+ return AccessPreviewStatus.failed;
+ }
+ throw Exception('$this is not known in enum AccessPreviewStatus');
+ }
+}
+
+/// Provides more details about the current status of the access preview. For
+/// example, if the creation of the access preview fails, a Failed
+/// status is returned. This failure can be due to an internal issue with the
+/// analysis or due to an invalid proposed resource configuration.
+class AccessPreviewStatusReason {
+ /// The reason code for the current status of the access preview.
+ final AccessPreviewStatusReasonCode code;
+
+ AccessPreviewStatusReason({
+ required this.code,
+ });
+
+ factory AccessPreviewStatusReason.fromJson(Map json) {
+ return AccessPreviewStatusReason(
+ code: (json['code'] as String).toAccessPreviewStatusReasonCode(),
+ );
+ }
+}
+
+enum AccessPreviewStatusReasonCode {
+ internalError,
+ invalidConfiguration,
+}
+
+extension AccessPreviewStatusReasonCodeValueExtension
+ on AccessPreviewStatusReasonCode {
+ String toValue() {
+ switch (this) {
+ case AccessPreviewStatusReasonCode.internalError:
+ return 'INTERNAL_ERROR';
+ case AccessPreviewStatusReasonCode.invalidConfiguration:
+ return 'INVALID_CONFIGURATION';
+ }
+ }
+}
+
+extension AccessPreviewStatusReasonCodeFromString on String {
+ AccessPreviewStatusReasonCode toAccessPreviewStatusReasonCode() {
+ switch (this) {
+ case 'INTERNAL_ERROR':
+ return AccessPreviewStatusReasonCode.internalError;
+ case 'INVALID_CONFIGURATION':
+ return AccessPreviewStatusReasonCode.invalidConfiguration;
+ }
+ throw Exception('$this is not known in enum AccessPreviewStatusReasonCode');
+ }
+}
+
+/// Contains a summary of information about an access preview.
+class AccessPreviewSummary {
+ /// The ARN of the analyzer used to generate the access preview.
+ final String analyzerArn;
+
+ /// The time at which the access preview was created.
+ final DateTime createdAt;
+
+ /// The unique ID for the access preview.
+ final String id;
+
+ /// The status of the access preview.
+ ///
+ ///
+ /// -
+ ///
Creating
- The access preview creation is in progress.
+ ///
+ /// -
+ ///
Completed
- The access preview is complete and previews the
+ /// findings for external access to the resource.
+ ///
+ /// -
+ ///
Failed
- The access preview creation has failed.
+ ///
+ ///
+ final AccessPreviewStatus status;
+ final AccessPreviewStatusReason? statusReason;
+
+ AccessPreviewSummary({
+ required this.analyzerArn,
+ required this.createdAt,
+ required this.id,
+ required this.status,
+ this.statusReason,
+ });
+
+ factory AccessPreviewSummary.fromJson(Map json) {
+ return AccessPreviewSummary(
+ analyzerArn: json['analyzerArn'] as String,
+ createdAt: nonNullableTimeStampFromJson(json['createdAt'] as Object),
+ id: json['id'] as String,
+ status: (json['status'] as String).toAccessPreviewStatus(),
+ statusReason: json['statusReason'] != null
+ ? AccessPreviewStatusReason.fromJson(
+ json['statusReason'] as Map)
+ : null,
+ );
+ }
+}
+
+/// You specify each grantee as a type-value pair using one of these types. You
+/// can specify only one type of grantee. For more information, see PutBucketAcl.
+class AclGrantee {
+ /// The value specified is the canonical user ID of an Amazon Web Services
+ /// account.
+ final String? id;
+
+ /// Used for granting permissions to a predefined group.
+ final String? uri;
+
+ AclGrantee({
+ this.id,
+ this.uri,
+ });
+
+ factory AclGrantee.fromJson(Map json) {
+ return AclGrantee(
+ id: json['id'] as String?,
+ uri: json['uri'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final id = this.id;
+ final uri = this.uri;
+ return {
+ if (id != null) 'id': id,
+ if (uri != null) 'uri': uri,
+ };
+ }
+}
+
+enum AclPermission {
+ read,
+ write,
+ readAcp,
+ writeAcp,
+ fullControl,
+}
+
+extension AclPermissionValueExtension on AclPermission {
+ String toValue() {
+ switch (this) {
+ case AclPermission.read:
+ return 'READ';
+ case AclPermission.write:
+ return 'WRITE';
+ case AclPermission.readAcp:
+ return 'READ_ACP';
+ case AclPermission.writeAcp:
+ return 'WRITE_ACP';
+ case AclPermission.fullControl:
+ return 'FULL_CONTROL';
+ }
+ }
+}
+
+extension AclPermissionFromString on String {
+ AclPermission toAclPermission() {
+ switch (this) {
+ case 'READ':
+ return AclPermission.read;
+ case 'WRITE':
+ return AclPermission.write;
+ case 'READ_ACP':
+ return AclPermission.readAcp;
+ case 'WRITE_ACP':
+ return AclPermission.writeAcp;
+ case 'FULL_CONTROL':
+ return AclPermission.fullControl;
+ }
+ throw Exception('$this is not known in enum AclPermission');
+ }
+}
+
+/// Contains details about the analyzed resource.
+class AnalyzedResource {
+ /// The time at which the resource was analyzed.
+ final DateTime analyzedAt;
+
+ /// The time at which the finding was created.
+ final DateTime createdAt;
+
+ /// Indicates whether the policy that generated the finding grants public access
+ /// to the resource.
+ final bool isPublic;
+
+ /// The ARN of the resource that was analyzed.
final String resourceArn;
- /// The AWS account ID that owns the resource.
+ /// The Amazon Web Services account ID that owns the resource.
final String resourceOwnerAccount;
/// The type of the resource that was analyzed.
@@ -774,6 +1606,7 @@ class AnalyzedResource {
this.sharedVia,
this.status,
});
+
factory AnalyzedResource.fromJson(Map json) {
return AnalyzedResource(
analyzedAt: nonNullableTimeStampFromJson(json['analyzedAt'] as Object),
@@ -802,7 +1635,7 @@ class AnalyzedResourceSummary {
/// The ARN of the analyzed resource.
final String resourceArn;
- /// The AWS account ID that owns the resource.
+ /// The Amazon Web Services account ID that owns the resource.
final String resourceOwnerAccount;
/// The type of resource that was analyzed.
@@ -813,6 +1646,7 @@ class AnalyzedResourceSummary {
required this.resourceOwnerAccount,
required this.resourceType,
});
+
factory AnalyzedResourceSummary.fromJson(Map json) {
return AnalyzedResourceSummary(
resourceArn: json['resourceArn'] as String,
@@ -874,10 +1708,10 @@ class AnalyzerSummary {
/// The status of the analyzer. An Active
analyzer successfully
/// monitors supported resources and generates new findings. The analyzer is
/// Disabled
when a user action, such as removing trusted access
- /// for IAM Access Analyzer from AWS Organizations, causes the analyzer to stop
- /// generating new findings. The status is Creating
when the
- /// analyzer creation is in progress and Failed
when the analyzer
- /// creation has failed.
+ /// for Identity and Access Management Access Analyzer from Organizations,
+ /// causes the analyzer to stop generating new findings. The status is
+ /// Creating
when the analyzer creation is in progress and
+ /// Failed
when the analyzer creation has failed.
final AnalyzerStatus status;
/// The type of analyzer, which corresponds to the zone of trust chosen for the
@@ -892,10 +1726,10 @@ class AnalyzerSummary {
/// The statusReason
provides more details about the current status
/// of the analyzer. For example, if the creation for the analyzer fails, a
- /// Failed
status is displayed. For an analyzer with organization
- /// as the type, this failure can be due to an issue with creating the
- /// service-linked roles required in the member accounts of the AWS
- /// organization.
+ /// Failed
status is returned. For an analyzer with organization as
+ /// the type, this failure can be due to an issue with creating the
+ /// service-linked roles required in the member accounts of the Amazon Web
+ /// Services organization.
final StatusReason? statusReason;
/// The tags added to the analyzer.
@@ -912,6 +1746,7 @@ class AnalyzerSummary {
this.statusReason,
this.tags,
});
+
factory AnalyzerSummary.fromJson(Map json) {
return AnalyzerSummary(
arn: json['arn'] as String,
@@ -950,6 +1785,7 @@ class ArchiveRuleSummary {
required this.ruleName,
required this.updatedAt,
});
+
factory ArchiveRuleSummary.fromJson(Map json) {
return ArchiveRuleSummary(
createdAt: nonNullableTimeStampFromJson(json['createdAt'] as Object),
@@ -961,6 +1797,233 @@ class ArchiveRuleSummary {
}
}
+class CancelPolicyGenerationResponse {
+ CancelPolicyGenerationResponse();
+
+ factory CancelPolicyGenerationResponse.fromJson(Map _) {
+ return CancelPolicyGenerationResponse();
+ }
+}
+
+/// Contains information about CloudTrail access.
+class CloudTrailDetails {
+ /// The ARN of the service role that IAM Access Analyzer uses to access your
+ /// CloudTrail trail and service last accessed information.
+ final String accessRole;
+
+ /// The start of the time range for which IAM Access Analyzer reviews your
+ /// CloudTrail events. Events with a timestamp before this time are not
+ /// considered to generate a policy.
+ final DateTime startTime;
+
+ /// A Trail
object that contains settings for a trail.
+ final List trails;
+
+ /// The end of the time range for which IAM Access Analyzer reviews your
+ /// CloudTrail events. Events with a timestamp after this time are not
+ /// considered to generate a policy. If this is not included in the request, the
+ /// default value is the current time.
+ final DateTime? endTime;
+
+ CloudTrailDetails({
+ required this.accessRole,
+ required this.startTime,
+ required this.trails,
+ this.endTime,
+ });
+ Map toJson() {
+ final accessRole = this.accessRole;
+ final startTime = this.startTime;
+ final trails = this.trails;
+ final endTime = this.endTime;
+ return {
+ 'accessRole': accessRole,
+ 'startTime': iso8601ToJson(startTime),
+ 'trails': trails,
+ if (endTime != null) 'endTime': iso8601ToJson(endTime),
+ };
+ }
+}
+
+/// Contains information about CloudTrail access.
+class CloudTrailProperties {
+ /// The end of the time range for which IAM Access Analyzer reviews your
+ /// CloudTrail events. Events with a timestamp after this time are not
+ /// considered to generate a policy. If this is not included in the request, the
+ /// default value is the current time.
+ final DateTime endTime;
+
+ /// The start of the time range for which IAM Access Analyzer reviews your
+ /// CloudTrail events. Events with a timestamp before this time are not
+ /// considered to generate a policy.
+ final DateTime startTime;
+
+ /// A TrailProperties
object that contains settings for trail
+ /// properties.
+ final List trailProperties;
+
+ CloudTrailProperties({
+ required this.endTime,
+ required this.startTime,
+ required this.trailProperties,
+ });
+
+ factory CloudTrailProperties.fromJson(Map json) {
+ return CloudTrailProperties(
+ endTime: nonNullableTimeStampFromJson(json['endTime'] as Object),
+ startTime: nonNullableTimeStampFromJson(json['startTime'] as Object),
+ trailProperties: (json['trailProperties'] as List)
+ .whereNotNull()
+ .map((e) => TrailProperties.fromJson(e as Map))
+ .toList(),
+ );
+ }
+}
+
+/// Access control configuration structures for your resource. You specify the
+/// configuration as a type-value pair. You can specify only one type of access
+/// control configuration.
+class Configuration {
+ /// The access control configuration is for an Amazon EBS volume snapshot.
+ final EbsSnapshotConfiguration? ebsSnapshot;
+
+ /// The access control configuration is for an Amazon ECR repository.
+ final EcrRepositoryConfiguration? ecrRepository;
+
+ /// The access control configuration is for an Amazon EFS file system.
+ final EfsFileSystemConfiguration? efsFileSystem;
+
+ /// The access control configuration is for an IAM role.
+ final IamRoleConfiguration? iamRole;
+
+ /// The access control configuration is for a KMS key.
+ final KmsKeyConfiguration? kmsKey;
+
+ /// The access control configuration is for an Amazon RDS DB cluster snapshot.
+ final RdsDbClusterSnapshotConfiguration? rdsDbClusterSnapshot;
+
+ /// The access control configuration is for an Amazon RDS DB snapshot.
+ final RdsDbSnapshotConfiguration? rdsDbSnapshot;
+
+ /// The access control configuration is for an Amazon S3 Bucket.
+ final S3BucketConfiguration? s3Bucket;
+
+ /// The access control configuration is for a Secrets Manager secret.
+ final SecretsManagerSecretConfiguration? secretsManagerSecret;
+
+ /// The access control configuration is for an Amazon SNS topic
+ final SnsTopicConfiguration? snsTopic;
+
+ /// The access control configuration is for an Amazon SQS queue.
+ final SqsQueueConfiguration? sqsQueue;
+
+ Configuration({
+ this.ebsSnapshot,
+ this.ecrRepository,
+ this.efsFileSystem,
+ this.iamRole,
+ this.kmsKey,
+ this.rdsDbClusterSnapshot,
+ this.rdsDbSnapshot,
+ this.s3Bucket,
+ this.secretsManagerSecret,
+ this.snsTopic,
+ this.sqsQueue,
+ });
+
+ factory Configuration.fromJson(Map json) {
+ return Configuration(
+ ebsSnapshot: json['ebsSnapshot'] != null
+ ? EbsSnapshotConfiguration.fromJson(
+ json['ebsSnapshot'] as Map)
+ : null,
+ ecrRepository: json['ecrRepository'] != null
+ ? EcrRepositoryConfiguration.fromJson(
+ json['ecrRepository'] as Map)
+ : null,
+ efsFileSystem: json['efsFileSystem'] != null
+ ? EfsFileSystemConfiguration.fromJson(
+ json['efsFileSystem'] as Map)
+ : null,
+ iamRole: json['iamRole'] != null
+ ? IamRoleConfiguration.fromJson(
+ json['iamRole'] as Map)
+ : null,
+ kmsKey: json['kmsKey'] != null
+ ? KmsKeyConfiguration.fromJson(json['kmsKey'] as Map)
+ : null,
+ rdsDbClusterSnapshot: json['rdsDbClusterSnapshot'] != null
+ ? RdsDbClusterSnapshotConfiguration.fromJson(
+ json['rdsDbClusterSnapshot'] as Map)
+ : null,
+ rdsDbSnapshot: json['rdsDbSnapshot'] != null
+ ? RdsDbSnapshotConfiguration.fromJson(
+ json['rdsDbSnapshot'] as Map)
+ : null,
+ s3Bucket: json['s3Bucket'] != null
+ ? S3BucketConfiguration.fromJson(
+ json['s3Bucket'] as Map)
+ : null,
+ secretsManagerSecret: json['secretsManagerSecret'] != null
+ ? SecretsManagerSecretConfiguration.fromJson(
+ json['secretsManagerSecret'] as Map)
+ : null,
+ snsTopic: json['snsTopic'] != null
+ ? SnsTopicConfiguration.fromJson(
+ json['snsTopic'] as Map)
+ : null,
+ sqsQueue: json['sqsQueue'] != null
+ ? SqsQueueConfiguration.fromJson(
+ json['sqsQueue'] as Map)
+ : null,
+ );
+ }
+
+ Map toJson() {
+ final ebsSnapshot = this.ebsSnapshot;
+ final ecrRepository = this.ecrRepository;
+ final efsFileSystem = this.efsFileSystem;
+ final iamRole = this.iamRole;
+ final kmsKey = this.kmsKey;
+ final rdsDbClusterSnapshot = this.rdsDbClusterSnapshot;
+ final rdsDbSnapshot = this.rdsDbSnapshot;
+ final s3Bucket = this.s3Bucket;
+ final secretsManagerSecret = this.secretsManagerSecret;
+ final snsTopic = this.snsTopic;
+ final sqsQueue = this.sqsQueue;
+ return {
+ if (ebsSnapshot != null) 'ebsSnapshot': ebsSnapshot,
+ if (ecrRepository != null) 'ecrRepository': ecrRepository,
+ if (efsFileSystem != null) 'efsFileSystem': efsFileSystem,
+ if (iamRole != null) 'iamRole': iamRole,
+ if (kmsKey != null) 'kmsKey': kmsKey,
+ if (rdsDbClusterSnapshot != null)
+ 'rdsDbClusterSnapshot': rdsDbClusterSnapshot,
+ if (rdsDbSnapshot != null) 'rdsDbSnapshot': rdsDbSnapshot,
+ if (s3Bucket != null) 's3Bucket': s3Bucket,
+ if (secretsManagerSecret != null)
+ 'secretsManagerSecret': secretsManagerSecret,
+ if (snsTopic != null) 'snsTopic': snsTopic,
+ if (sqsQueue != null) 'sqsQueue': sqsQueue,
+ };
+ }
+}
+
+class CreateAccessPreviewResponse {
+ /// The unique ID for the access preview.
+ final String id;
+
+ CreateAccessPreviewResponse({
+ required this.id,
+ });
+
+ factory CreateAccessPreviewResponse.fromJson(Map json) {
+ return CreateAccessPreviewResponse(
+ id: json['id'] as String,
+ );
+ }
+}
+
/// The response to the request to create an analyzer.
class CreateAnalyzerResponse {
/// The ARN of the analyzer that was created by the request.
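Review bot: `Configuration`'s class comment says only one type of access control configuration can be specified, but the constructor takes eleven independent optional fields and `toJson` emits every non-null one, so nothing in this class enforces the constraint or repeats it at the call site. Because this object carries the proposed permissions that an access preview evaluates, a request built with two fields set should fail loudly rather than depend on service behaviour the hunk does not show. A constructor comment such as `/// Set exactly one field; this class does not check that the others are null.` would document it, and the generator could also emit an assert for shapes of this kind. The file is generated, so either change belongs in the generator rather than in this file.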
@@ -969,6 +2032,7 @@ class CreateAnalyzerResponse {
CreateAnalyzerResponse({
this.arn,
});
+
factory CreateAnalyzerResponse.fromJson(Map json) {
return CreateAnalyzerResponse(
arn: json['arn'] as String?,
@@ -976,7 +2040,10 @@ class CreateAnalyzerResponse {
}
}
-/// The criteria to use in the filter that defines the archive rule.
+/// The criteria to use in the filter that defines the archive rule. For more
+/// information on available filter keys, see IAM
+/// Access Analyzer filter keys.
class Criterion {
/// A "contains" operator to match for the filter used to create the rule.
final List? contains;
@@ -996,6 +2063,7 @@ class Criterion {
this.exists,
this.neq,
});
+
factory Criterion.fromJson(Map json) {
return Criterion(
contains: (json['contains'] as List?)
@@ -1028,8 +2096,203 @@ class Criterion {
}
}
-/// Contains information about a finding.
-class Finding {
+/// The proposed access control configuration for an Amazon EBS volume snapshot.
+/// You can propose a configuration for a new Amazon EBS volume snapshot or an
+/// Amazon EBS volume snapshot that you own by specifying the user IDs, groups,
+/// and optional KMS encryption key. For more information, see ModifySnapshotAttribute.
+class EbsSnapshotConfiguration {
+ /// The groups that have access to the Amazon EBS volume snapshot. If the value
+ /// all
is specified, then the Amazon EBS volume snapshot is
+ /// public.
+ ///
+ ///
+ /// -
+ /// If the configuration is for an existing Amazon EBS volume snapshot and you
+ /// do not specify the
groups
, then the access preview uses the
+ /// existing shared groups
for the snapshot.
+ ///
+ /// -
+ /// If the access preview is for a new resource and you do not specify the
+ ///
groups
, then the access preview considers the snapshot without
+ /// any groups
.
+ ///
+ /// -
+ /// To propose deletion of existing shared
groups
, you can specify
+ /// an empty list for groups
.
+ ///
+ ///
+ final List? groups;
+
+ /// The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS
+ /// key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS
+ /// key.
+ ///
+ ///
+ /// -
+ /// If the configuration is for an existing Amazon EBS volume snapshot and you
+ /// do not specify the
kmsKeyId
, or you specify an empty string,
+ /// then the access preview uses the existing kmsKeyId
of the
+ /// snapshot.
+ ///
+ /// -
+ /// If the access preview is for a new resource and you do not specify the
+ ///
kmsKeyId
, the access preview considers the snapshot as
+ /// unencrypted.
+ ///
+ ///
+ final String? kmsKeyId;
+
+ /// The IDs of the Amazon Web Services accounts that have access to the Amazon
+ /// EBS volume snapshot.
+ ///
+ ///
+ /// -
+ /// If the configuration is for an existing Amazon EBS volume snapshot and you
+ /// do not specify the
userIds
, then the access preview uses the
+ /// existing shared userIds
for the snapshot.
+ ///
+ /// -
+ /// If the access preview is for a new resource and you do not specify the
+ ///
userIds
, then the access preview considers the snapshot without
+ /// any userIds
.
+ ///
+ /// -
+ /// To propose deletion of existing shared
accountIds
, you can
+ /// specify an empty list for userIds
.
+ ///
+ ///
+ final List? userIds;
+
+ EbsSnapshotConfiguration({
+ this.groups,
+ this.kmsKeyId,
+ this.userIds,
+ });
+
+ factory EbsSnapshotConfiguration.fromJson(Map json) {
+ return EbsSnapshotConfiguration(
+ groups: (json['groups'] as List?)
+ ?.whereNotNull()
+ .map((e) => e as String)
+ .toList(),
+ kmsKeyId: json['kmsKeyId'] as String?,
+ userIds: (json['userIds'] as List?)
+ ?.whereNotNull()
+ .map((e) => e as String)
+ .toList(),
+ );
+ }
+
+ Map toJson() {
+ final groups = this.groups;
+ final kmsKeyId = this.kmsKeyId;
+ final userIds = this.userIds;
+ return {
+ if (groups != null) 'groups': groups,
+ if (kmsKeyId != null) 'kmsKeyId': kmsKeyId,
+ if (userIds != null) 'userIds': userIds,
+ };
+ }
+}
+
+/// The proposed access control configuration for an Amazon ECR repository. You
+/// can propose a configuration for a new Amazon ECR repository or an existing
+/// Amazon ECR repository that you own by specifying the Amazon ECR policy. For
+/// more information, see Repository.
+///
+///
+/// -
+/// If the configuration is for an existing Amazon ECR repository and you do not
+/// specify the Amazon ECR policy, then the access preview uses the existing
+/// Amazon ECR policy for the repository.
+///
+/// -
+/// If the access preview is for a new resource and you do not specify the
+/// policy, then the access preview assumes an Amazon ECR repository without a
+/// policy.
+///
+/// -
+/// To propose deletion of an existing Amazon ECR repository policy, you can
+/// specify an empty string for the Amazon ECR policy.
+///
+///
+class EcrRepositoryConfiguration {
+ /// The JSON repository policy text to apply to the Amazon ECR repository. For
+ /// more information, see Private
+ /// repository policy examples in the Amazon ECR User Guide.
+ final String? repositoryPolicy;
+
+ EcrRepositoryConfiguration({
+ this.repositoryPolicy,
+ });
+
+ factory EcrRepositoryConfiguration.fromJson(Map json) {
+ return EcrRepositoryConfiguration(
+ repositoryPolicy: json['repositoryPolicy'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final repositoryPolicy = this.repositoryPolicy;
+ return {
+ if (repositoryPolicy != null) 'repositoryPolicy': repositoryPolicy,
+ };
+ }
+}
+
+/// The proposed access control configuration for an Amazon EFS file system. You
+/// can propose a configuration for a new Amazon EFS file system or an existing
+/// Amazon EFS file system that you own by specifying the Amazon EFS policy. For
+/// more information, see Using file
+/// systems in Amazon EFS.
+///
+///
+/// -
+/// If the configuration is for an existing Amazon EFS file system and you do
+/// not specify the Amazon EFS policy, then the access preview uses the existing
+/// Amazon EFS policy for the file system.
+///
+/// -
+/// If the access preview is for a new resource and you do not specify the
+/// policy, then the access preview assumes an Amazon EFS file system without a
+/// policy.
+///
+/// -
+/// To propose deletion of an existing Amazon EFS file system policy, you can
+/// specify an empty string for the Amazon EFS policy.
+///
+///
+class EfsFileSystemConfiguration {
+ /// The JSON policy definition to apply to the Amazon EFS file system. For more
+ /// information on the elements that make up a file system policy, see Amazon
+ /// EFS Resource-based policies.
+ final String? fileSystemPolicy;
+
+ EfsFileSystemConfiguration({
+ this.fileSystemPolicy,
+ });
+
+ factory EfsFileSystemConfiguration.fromJson(Map json) {
+ return EfsFileSystemConfiguration(
+ fileSystemPolicy: json['fileSystemPolicy'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final fileSystemPolicy = this.fileSystemPolicy;
+ return {
+ if (fileSystemPolicy != null) 'fileSystemPolicy': fileSystemPolicy,
+ };
+ }
+}
+
+/// Contains information about a finding.
+class Finding {
/// The time at which the resource was analyzed.
final DateTime analyzedAt;
@@ -1042,10 +2305,10 @@ class Finding {
/// The ID of the finding.
final String id;
- /// The AWS account ID that owns the resource.
+ /// The Amazon Web Services account ID that owns the resource.
final String resourceOwnerAccount;
- /// The type of the resource reported in the finding.
+ /// The type of the resource identified in the finding.
final ResourceType resourceType;
/// The current status of the finding.
@@ -1091,6 +2354,7 @@ class Finding {
this.resource,
this.sources,
});
+
factory Finding.fromJson(Map json) {
return Finding(
analyzedAt: nonNullableTimeStampFromJson(json['analyzedAt'] as Object),
@@ -1119,6 +2383,39 @@ class Finding {
}
}
+enum FindingChangeType {
+ changed,
+ $new,
+ unchanged,
+}
+
+extension FindingChangeTypeValueExtension on FindingChangeType {
+ String toValue() {
+ switch (this) {
+ case FindingChangeType.changed:
+ return 'CHANGED';
+ case FindingChangeType.$new:
+ return 'NEW';
+ case FindingChangeType.unchanged:
+ return 'UNCHANGED';
+ }
+ }
+}
+
+extension FindingChangeTypeFromString on String {
+ FindingChangeType toFindingChangeType() {
+ switch (this) {
+ case 'CHANGED':
+ return FindingChangeType.changed;
+ case 'NEW':
+ return FindingChangeType.$new;
+ case 'UNCHANGED':
+ return FindingChangeType.unchanged;
+ }
+ throw Exception('$this is not known in enum FindingChangeType');
+ }
+}
+
/// The source of the finding. This indicates how the access that generated the
/// finding is granted. It is populated for Amazon S3 bucket findings.
class FindingSource {
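Review bot: `toFindingChangeType` ends in `throw Exception('$this is not known in enum FindingChangeType');`, so any value the service returns that this build does not know propagates out of the enclosing `fromJson` as an untyped exception. The later hunk that adds the `'S3_ACCESS_POINT_ACCOUNT'` case to the `FindingSourceType` parser shows that these value sets grow. As far as the visible code shows, a client generated before that change would fail on findings carrying the new source type instead of reporting them. Since the file is generated, the fix belongs in the generator template: at minimum throw something callers can catch narrowly, e.g. `throw FormatException('Unknown FindingChangeType', this);`, and consider decoding unknown response values to a fallback member instead.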
@@ -1133,6 +2430,7 @@ class FindingSource {
required this.type,
this.detail,
});
+
factory FindingSource.fromJson(Map json) {
return FindingSource(
type: (json['type'] as String).toFindingSourceType(),
@@ -1146,14 +2444,22 @@ class FindingSource {
/// Includes details about how the access that generated the finding is granted.
/// This is populated for Amazon S3 bucket findings.
class FindingSourceDetail {
- /// The ARN of the access point that generated the finding.
+ /// The account of the cross-account access point that generated the finding.
+ final String? accessPointAccount;
+
+ /// The ARN of the access point that generated the finding. The ARN format
+ /// depends on whether the ARN represents an access point or a multi-region
+ /// access point.
final String? accessPointArn;
FindingSourceDetail({
+ this.accessPointAccount,
this.accessPointArn,
});
+
factory FindingSourceDetail.fromJson(Map json) {
return FindingSourceDetail(
+ accessPointAccount: json['accessPointAccount'] as String?,
accessPointArn: json['accessPointArn'] as String?,
);
}
@@ -1163,6 +2469,7 @@ enum FindingSourceType {
policy,
bucketAcl,
s3AccessPoint,
+ s3AccessPointAccount,
}
extension FindingSourceTypeValueExtension on FindingSourceType {
@@ -1174,6 +2481,8 @@ extension FindingSourceTypeValueExtension on FindingSourceType {
return 'BUCKET_ACL';
case FindingSourceType.s3AccessPoint:
return 'S3_ACCESS_POINT';
+ case FindingSourceType.s3AccessPointAccount:
+ return 'S3_ACCESS_POINT_ACCOUNT';
}
}
}
@@ -1187,6 +2496,8 @@ extension FindingSourceTypeFromString on String {
return FindingSourceType.bucketAcl;
case 'S3_ACCESS_POINT':
return FindingSourceType.s3AccessPoint;
+ case 'S3_ACCESS_POINT_ACCOUNT':
+ return FindingSourceType.s3AccessPointAccount;
}
throw Exception('$this is not known in enum FindingSourceType');
}
@@ -1268,7 +2579,7 @@ class FindingSummary {
/// The ID of the finding.
final String id;
- /// The AWS account ID that owns the resource.
+ /// The Amazon Web Services account ID that owns the resource.
final String resourceOwnerAccount;
/// The type of the resource that the external principal has access to.
@@ -1318,6 +2629,7 @@ class FindingSummary {
this.resource,
this.sources,
});
+
factory FindingSummary.fromJson(Map json) {
return FindingSummary(
analyzedAt: nonNullableTimeStampFromJson(json['analyzedAt'] as Object),
@@ -1346,15 +2658,112 @@ class FindingSummary {
}
}
+/// Contains the text for the generated policy.
+class GeneratedPolicy {
+ /// The text to use as the content for the new policy. The policy is created
+ /// using the CreatePolicy
+ /// action.
+ final String policy;
+
+ GeneratedPolicy({
+ required this.policy,
+ });
+
+ factory GeneratedPolicy.fromJson(Map json) {
+ return GeneratedPolicy(
+ policy: json['policy'] as String,
+ );
+ }
+}
+
+/// Contains the generated policy details.
+class GeneratedPolicyProperties {
+ /// The ARN of the IAM entity (user or role) for which you are generating a
+ /// policy.
+ final String principalArn;
+
+ /// Lists details about the Trail
used to generated policy.
+ final CloudTrailProperties? cloudTrailProperties;
+
+ /// This value is set to true
if the generated policy contains all
+ /// possible actions for a service that IAM Access Analyzer identified from the
+ /// CloudTrail trail that you specified, and false
otherwise.
+ final bool? isComplete;
+
+ GeneratedPolicyProperties({
+ required this.principalArn,
+ this.cloudTrailProperties,
+ this.isComplete,
+ });
+
+ factory GeneratedPolicyProperties.fromJson(Map json) {
+ return GeneratedPolicyProperties(
+ principalArn: json['principalArn'] as String,
+ cloudTrailProperties: json['cloudTrailProperties'] != null
+ ? CloudTrailProperties.fromJson(
+ json['cloudTrailProperties'] as Map)
+ : null,
+ isComplete: json['isComplete'] as bool?,
+ );
+ }
+}
+
+/// Contains the text for the generated policy and its details.
+class GeneratedPolicyResult {
+ /// A GeneratedPolicyProperties
object that contains properties of
+ /// the generated policy.
+ final GeneratedPolicyProperties properties;
+
+ /// The text to use as the content for the new policy. The policy is created
+ /// using the CreatePolicy
+ /// action.
+ final List? generatedPolicies;
+
+ GeneratedPolicyResult({
+ required this.properties,
+ this.generatedPolicies,
+ });
+
+ factory GeneratedPolicyResult.fromJson(Map json) {
+ return GeneratedPolicyResult(
+ properties: GeneratedPolicyProperties.fromJson(
+ json['properties'] as Map),
+ generatedPolicies: (json['generatedPolicies'] as List?)
+ ?.whereNotNull()
+ .map((e) => GeneratedPolicy.fromJson(e as Map))
+ .toList(),
+ );
+ }
+}
+
+class GetAccessPreviewResponse {
+ /// An object that contains information about the access preview.
+ final AccessPreview accessPreview;
+
+ GetAccessPreviewResponse({
+ required this.accessPreview,
+ });
+
+ factory GetAccessPreviewResponse.fromJson(Map json) {
+ return GetAccessPreviewResponse(
+ accessPreview:
+ AccessPreview.fromJson(json['accessPreview'] as Map),
+ );
+ }
+}
+
/// The response to the request.
class GetAnalyzedResourceResponse {
- /// An AnalyedResource
object that contains information that Access
- /// Analyzer found when it analyzed the resource.
+ /// An AnalyzedResource
object that contains information that IAM
+ /// Access Analyzer found when it analyzed the resource.
final AnalyzedResource? resource;
GetAnalyzedResourceResponse({
this.resource,
});
+
factory GetAnalyzedResourceResponse.fromJson(Map json) {
return GetAnalyzedResourceResponse(
resource: json['resource'] != null
@@ -1373,6 +2782,7 @@ class GetAnalyzerResponse {
GetAnalyzerResponse({
required this.analyzer,
});
+
factory GetAnalyzerResponse.fromJson(Map json) {
return GetAnalyzerResponse(
analyzer:
@@ -1388,6 +2798,7 @@ class GetArchiveRuleResponse {
GetArchiveRuleResponse({
required this.archiveRule,
});
+
factory GetArchiveRuleResponse.fromJson(Map json) {
return GetArchiveRuleResponse(
archiveRule: ArchiveRuleSummary.fromJson(
@@ -1404,6 +2815,7 @@ class GetFindingResponse {
GetFindingResponse({
this.finding,
});
+
factory GetFindingResponse.fromJson(Map json) {
return GetFindingResponse(
finding: json['finding'] != null
@@ -1413,6 +2825,62 @@ class GetFindingResponse {
}
}
+class GetGeneratedPolicyResponse {
+ /// A GeneratedPolicyResult
object that contains the generated
+ /// policies and associated details.
+ final GeneratedPolicyResult generatedPolicyResult;
+
+ /// A GeneratedPolicyDetails
object that contains details about the
+ /// generated policy.
+ final JobDetails jobDetails;
+
+ GetGeneratedPolicyResponse({
+ required this.generatedPolicyResult,
+ required this.jobDetails,
+ });
+
+ factory GetGeneratedPolicyResponse.fromJson(Map json) {
+ return GetGeneratedPolicyResponse(
+ generatedPolicyResult: GeneratedPolicyResult.fromJson(
+ json['generatedPolicyResult'] as Map),
+ jobDetails:
+ JobDetails.fromJson(json['jobDetails'] as Map),
+ );
+ }
+}
+
+/// The proposed access control configuration for an IAM role. You can propose a
+/// configuration for a new IAM role or an existing IAM role that you own by
+/// specifying the trust policy. If the configuration is for a new IAM role, you
+/// must specify the trust policy. If the configuration is for an existing IAM
+/// role that you own and you do not propose the trust policy, the access
+/// preview uses the existing trust policy for the role. The proposed trust
+/// policy cannot be an empty string. For more information about role trust
+/// policy limits, see IAM
+/// and STS quotas.
+class IamRoleConfiguration {
+ /// The proposed trust policy for the IAM role.
+ final String? trustPolicy;
+
+ IamRoleConfiguration({
+ this.trustPolicy,
+ });
+
+ factory IamRoleConfiguration.fromJson(Map json) {
+ return IamRoleConfiguration(
+ trustPolicy: json['trustPolicy'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final trustPolicy = this.trustPolicy;
+ return {
+ if (trustPolicy != null) 'trustPolicy': trustPolicy,
+ };
+ }
+}
+
/// An criterion statement in an archive rule. Each archive rule may have
/// multiple criteria.
class InlineArchiveRule {
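Review bot: The comment on `jobDetails` in `GetGeneratedPolicyResponse` refers to a `GeneratedPolicyDetails` object, but the field is declared as `JobDetails` and no type of the former name appears in the visible part of this diff. The wording presumably comes from the API specification, so it would need correcting there or through a generator override. The comment should read `/// A JobDetails object that contains details about the policy generation request.`, which matches the class comment on `JobDetails` further down.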
@@ -1436,189 +2904,1190 @@ class InlineArchiveRule {
}
}
-/// The response to the request.
-class ListAnalyzedResourcesResponse {
- /// A list of resources that were analyzed.
- final List analyzedResources;
+/// This configuration sets the network origin for the Amazon S3 access point or
+/// multi-region access point to Internet
.
+class InternetConfiguration {
+ InternetConfiguration();
- /// A token used for pagination of results returned.
- final String? nextToken;
+ factory InternetConfiguration.fromJson(Map _) {
+ return InternetConfiguration();
+ }
- ListAnalyzedResourcesResponse({
- required this.analyzedResources,
- this.nextToken,
- });
- factory ListAnalyzedResourcesResponse.fromJson(Map json) {
- return ListAnalyzedResourcesResponse(
- analyzedResources: (json['analyzedResources'] as List)
- .whereNotNull()
- .map((e) =>
- AnalyzedResourceSummary.fromJson(e as Map))
- .toList(),
- nextToken: json['nextToken'] as String?,
- );
+ Map toJson() {
+ return {};
}
}
-/// The response to the request.
-class ListAnalyzersResponse {
- /// The analyzers retrieved.
- final List analyzers;
+/// Contains details about the policy generation request.
+class JobDetails {
+ /// The JobId
that is returned by the
+ /// StartPolicyGeneration
operation. The JobId
can be
+ /// used with GetGeneratedPolicy
to retrieve the generated policies
+ /// or used with CancelPolicyGeneration
to cancel the policy
+ /// generation request.
+ final String jobId;
- /// A token used for pagination of results returned.
- final String? nextToken;
+ /// A timestamp of when the job was started.
+ final DateTime startedOn;
- ListAnalyzersResponse({
- required this.analyzers,
- this.nextToken,
- });
- factory ListAnalyzersResponse.fromJson(Map json) {
- return ListAnalyzersResponse(
- analyzers: (json['analyzers'] as List)
- .whereNotNull()
- .map((e) => AnalyzerSummary.fromJson(e as Map))
- .toList(),
- nextToken: json['nextToken'] as String?,
- );
- }
-}
+ /// The status of the job request.
+ final JobStatus status;
-/// The response to the request.
-class ListArchiveRulesResponse {
- /// A list of archive rules created for the specified analyzer.
- final List archiveRules;
+ /// A timestamp of when the job was completed.
+ final DateTime? completedOn;
- /// A token used for pagination of results returned.
- final String? nextToken;
+ /// The job error for the policy generation request.
+ final JobError? jobError;
- ListArchiveRulesResponse({
- required this.archiveRules,
- this.nextToken,
+ JobDetails({
+ required this.jobId,
+ required this.startedOn,
+ required this.status,
+ this.completedOn,
+ this.jobError,
});
- factory ListArchiveRulesResponse.fromJson(Map json) {
- return ListArchiveRulesResponse(
- archiveRules: (json['archiveRules'] as List)
- .whereNotNull()
- .map((e) => ArchiveRuleSummary.fromJson(e as Map))
- .toList(),
- nextToken: json['nextToken'] as String?,
+
+ factory JobDetails.fromJson(Map json) {
+ return JobDetails(
+ jobId: json['jobId'] as String,
+ startedOn: nonNullableTimeStampFromJson(json['startedOn'] as Object),
+ status: (json['status'] as String).toJobStatus(),
+ completedOn: timeStampFromJson(json['completedOn']),
+ jobError: json['jobError'] != null
+ ? JobError.fromJson(json['jobError'] as Map)
+ : null,
);
}
}
-/// The response to the request.
-class ListFindingsResponse {
- /// A list of findings retrieved from the analyzer that match the filter
- /// criteria specified, if any.
- final List findings;
+/// Contains the details about the policy generation error.
+class JobError {
+ /// The job error code.
+ final JobErrorCode code;
- /// A token used for pagination of results returned.
- final String? nextToken;
+ /// Specific information about the error. For example, which service quota was
+ /// exceeded or which resource was not found.
+ final String message;
- ListFindingsResponse({
- required this.findings,
- this.nextToken,
+ JobError({
+ required this.code,
+ required this.message,
});
- factory ListFindingsResponse.fromJson(Map json) {
- return ListFindingsResponse(
- findings: (json['findings'] as List)
- .whereNotNull()
- .map((e) => FindingSummary.fromJson(e as Map))
- .toList(),
- nextToken: json['nextToken'] as String?,
- );
- }
-}
-/// The response to the request.
-class ListTagsForResourceResponse {
- /// The tags that are applied to the specified resource.
- final Map? tags;
-
- ListTagsForResourceResponse({
- this.tags,
- });
- factory ListTagsForResourceResponse.fromJson(Map json) {
- return ListTagsForResourceResponse(
- tags: (json['tags'] as Map?)
- ?.map((k, e) => MapEntry(k, e as String)),
+ factory JobError.fromJson(Map json) {
+ return JobError(
+ code: (json['code'] as String).toJobErrorCode(),
+ message: json['message'] as String,
);
}
}
-enum OrderBy {
- asc,
- desc,
+enum JobErrorCode {
+ authorizationError,
+ resourceNotFoundError,
+ serviceQuotaExceededError,
+ serviceError,
}
-extension OrderByValueExtension on OrderBy {
+extension JobErrorCodeValueExtension on JobErrorCode {
String toValue() {
switch (this) {
- case OrderBy.asc:
- return 'ASC';
- case OrderBy.desc:
- return 'DESC';
+ case JobErrorCode.authorizationError:
+ return 'AUTHORIZATION_ERROR';
+ case JobErrorCode.resourceNotFoundError:
+ return 'RESOURCE_NOT_FOUND_ERROR';
+ case JobErrorCode.serviceQuotaExceededError:
+ return 'SERVICE_QUOTA_EXCEEDED_ERROR';
+ case JobErrorCode.serviceError:
+ return 'SERVICE_ERROR';
}
}
}
-extension OrderByFromString on String {
- OrderBy toOrderBy() {
+extension JobErrorCodeFromString on String {
+ JobErrorCode toJobErrorCode() {
switch (this) {
- case 'ASC':
- return OrderBy.asc;
- case 'DESC':
- return OrderBy.desc;
+ case 'AUTHORIZATION_ERROR':
+ return JobErrorCode.authorizationError;
+ case 'RESOURCE_NOT_FOUND_ERROR':
+ return JobErrorCode.resourceNotFoundError;
+ case 'SERVICE_QUOTA_EXCEEDED_ERROR':
+ return JobErrorCode.serviceQuotaExceededError;
+ case 'SERVICE_ERROR':
+ return JobErrorCode.serviceError;
}
- throw Exception('$this is not known in enum OrderBy');
+ throw Exception('$this is not known in enum JobErrorCode');
}
}
-enum ReasonCode {
- awsServiceAccessDisabled,
- delegatedAdministratorDeregistered,
- organizationDeleted,
- serviceLinkedRoleCreationFailed,
+enum JobStatus {
+ inProgress,
+ succeeded,
+ failed,
+ canceled,
}
-extension ReasonCodeValueExtension on ReasonCode {
+extension JobStatusValueExtension on JobStatus {
String toValue() {
switch (this) {
- case ReasonCode.awsServiceAccessDisabled:
- return 'AWS_SERVICE_ACCESS_DISABLED';
- case ReasonCode.delegatedAdministratorDeregistered:
- return 'DELEGATED_ADMINISTRATOR_DEREGISTERED';
- case ReasonCode.organizationDeleted:
- return 'ORGANIZATION_DELETED';
- case ReasonCode.serviceLinkedRoleCreationFailed:
- return 'SERVICE_LINKED_ROLE_CREATION_FAILED';
+ case JobStatus.inProgress:
+ return 'IN_PROGRESS';
+ case JobStatus.succeeded:
+ return 'SUCCEEDED';
+ case JobStatus.failed:
+ return 'FAILED';
+ case JobStatus.canceled:
+ return 'CANCELED';
}
}
}
-extension ReasonCodeFromString on String {
- ReasonCode toReasonCode() {
+extension JobStatusFromString on String {
+ JobStatus toJobStatus() {
switch (this) {
- case 'AWS_SERVICE_ACCESS_DISABLED':
- return ReasonCode.awsServiceAccessDisabled;
- case 'DELEGATED_ADMINISTRATOR_DEREGISTERED':
- return ReasonCode.delegatedAdministratorDeregistered;
- case 'ORGANIZATION_DELETED':
- return ReasonCode.organizationDeleted;
- case 'SERVICE_LINKED_ROLE_CREATION_FAILED':
- return ReasonCode.serviceLinkedRoleCreationFailed;
+ case 'IN_PROGRESS':
+ return JobStatus.inProgress;
+ case 'SUCCEEDED':
+ return JobStatus.succeeded;
+ case 'FAILED':
+ return JobStatus.failed;
+ case 'CANCELED':
+ return JobStatus.canceled;
}
- throw Exception('$this is not known in enum ReasonCode');
+ throw Exception('$this is not known in enum JobStatus');
}
}
-enum ResourceType {
+/// A proposed grant configuration for a KMS key. For more information, see CreateGrant.
+class KmsGrantConfiguration {
+ /// The principal that is given permission to perform the operations that the
+ /// grant permits.
+ final String granteePrincipal;
+
+ /// The Amazon Web Services account under which the grant was issued. The
+ /// account is used to propose KMS grants issued by accounts other than the
+ /// owner of the key.
+ final String issuingAccount;
+
+ /// A list of operations that the grant permits.
+ final List operations;
+
+ /// Use this structure to propose allowing cryptographic
+ /// operations in the grant only when the operation request includes the
+ /// specified encryption
+ /// context.
+ final KmsGrantConstraints? constraints;
+
+ /// The principal that is given permission to retire the grant by using RetireGrant
+ /// operation.
+ final String? retiringPrincipal;
+
+ KmsGrantConfiguration({
+ required this.granteePrincipal,
+ required this.issuingAccount,
+ required this.operations,
+ this.constraints,
+ this.retiringPrincipal,
+ });
+
+ factory KmsGrantConfiguration.fromJson(Map json) {
+ return KmsGrantConfiguration(
+ granteePrincipal: json['granteePrincipal'] as String,
+ issuingAccount: json['issuingAccount'] as String,
+ operations: (json['operations'] as List)
+ .whereNotNull()
+ .map((e) => (e as String).toKmsGrantOperation())
+ .toList(),
+ constraints: json['constraints'] != null
+ ? KmsGrantConstraints.fromJson(
+ json['constraints'] as Map)
+ : null,
+ retiringPrincipal: json['retiringPrincipal'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final granteePrincipal = this.granteePrincipal;
+ final issuingAccount = this.issuingAccount;
+ final operations = this.operations;
+ final constraints = this.constraints;
+ final retiringPrincipal = this.retiringPrincipal;
+ return {
+ 'granteePrincipal': granteePrincipal,
+ 'issuingAccount': issuingAccount,
+ 'operations': operations.map((e) => e.toValue()).toList(),
+ if (constraints != null) 'constraints': constraints,
+ if (retiringPrincipal != null) 'retiringPrincipal': retiringPrincipal,
+ };
+ }
+}
+
+/// Use this structure to propose allowing cryptographic
+/// operations in the grant only when the operation request includes the
+/// specified encryption
+/// context. You can specify only one type of encryption context. An empty
+/// map is treated as not specified. For more information, see GrantConstraints.
+class KmsGrantConstraints {
+ /// A list of key-value pairs that must match the encryption context in the cryptographic
+ /// operation request. The grant allows the operation only when the
+ /// encryption context in the request is the same as the encryption context
+ /// specified in this constraint.
+ final Map? encryptionContextEquals;
+
+ /// A list of key-value pairs that must be included in the encryption context of
+ /// the cryptographic
+ /// operation request. The grant allows the cryptographic operation only
+ /// when the encryption context in the request includes the key-value pairs
+ /// specified in this constraint, although it can include additional key-value
+ /// pairs.
+ final Map? encryptionContextSubset;
+
+ KmsGrantConstraints({
+ this.encryptionContextEquals,
+ this.encryptionContextSubset,
+ });
+
+ factory KmsGrantConstraints.fromJson(Map json) {
+ return KmsGrantConstraints(
+ encryptionContextEquals:
+ (json['encryptionContextEquals'] as Map?)
+ ?.map((k, e) => MapEntry(k, e as String)),
+ encryptionContextSubset:
+ (json['encryptionContextSubset'] as Map?)
+ ?.map((k, e) => MapEntry(k, e as String)),
+ );
+ }
+
+ Map toJson() {
+ final encryptionContextEquals = this.encryptionContextEquals;
+ final encryptionContextSubset = this.encryptionContextSubset;
+ return {
+ if (encryptionContextEquals != null)
+ 'encryptionContextEquals': encryptionContextEquals,
+ if (encryptionContextSubset != null)
+ 'encryptionContextSubset': encryptionContextSubset,
+ };
+ }
+}
+
+enum KmsGrantOperation {
+ createGrant,
+ decrypt,
+ describeKey,
+ encrypt,
+ generateDataKey,
+ generateDataKeyPair,
+ generateDataKeyPairWithoutPlaintext,
+ generateDataKeyWithoutPlaintext,
+ getPublicKey,
+ reEncryptFrom,
+ reEncryptTo,
+ retireGrant,
+ sign,
+ verify,
+}
+
+extension KmsGrantOperationValueExtension on KmsGrantOperation {
+ String toValue() {
+ switch (this) {
+ case KmsGrantOperation.createGrant:
+ return 'CreateGrant';
+ case KmsGrantOperation.decrypt:
+ return 'Decrypt';
+ case KmsGrantOperation.describeKey:
+ return 'DescribeKey';
+ case KmsGrantOperation.encrypt:
+ return 'Encrypt';
+ case KmsGrantOperation.generateDataKey:
+ return 'GenerateDataKey';
+ case KmsGrantOperation.generateDataKeyPair:
+ return 'GenerateDataKeyPair';
+ case KmsGrantOperation.generateDataKeyPairWithoutPlaintext:
+ return 'GenerateDataKeyPairWithoutPlaintext';
+ case KmsGrantOperation.generateDataKeyWithoutPlaintext:
+ return 'GenerateDataKeyWithoutPlaintext';
+ case KmsGrantOperation.getPublicKey:
+ return 'GetPublicKey';
+ case KmsGrantOperation.reEncryptFrom:
+ return 'ReEncryptFrom';
+ case KmsGrantOperation.reEncryptTo:
+ return 'ReEncryptTo';
+ case KmsGrantOperation.retireGrant:
+ return 'RetireGrant';
+ case KmsGrantOperation.sign:
+ return 'Sign';
+ case KmsGrantOperation.verify:
+ return 'Verify';
+ }
+ }
+}
+
+extension KmsGrantOperationFromString on String {
+ KmsGrantOperation toKmsGrantOperation() {
+ switch (this) {
+ case 'CreateGrant':
+ return KmsGrantOperation.createGrant;
+ case 'Decrypt':
+ return KmsGrantOperation.decrypt;
+ case 'DescribeKey':
+ return KmsGrantOperation.describeKey;
+ case 'Encrypt':
+ return KmsGrantOperation.encrypt;
+ case 'GenerateDataKey':
+ return KmsGrantOperation.generateDataKey;
+ case 'GenerateDataKeyPair':
+ return KmsGrantOperation.generateDataKeyPair;
+ case 'GenerateDataKeyPairWithoutPlaintext':
+ return KmsGrantOperation.generateDataKeyPairWithoutPlaintext;
+ case 'GenerateDataKeyWithoutPlaintext':
+ return KmsGrantOperation.generateDataKeyWithoutPlaintext;
+ case 'GetPublicKey':
+ return KmsGrantOperation.getPublicKey;
+ case 'ReEncryptFrom':
+ return KmsGrantOperation.reEncryptFrom;
+ case 'ReEncryptTo':
+ return KmsGrantOperation.reEncryptTo;
+ case 'RetireGrant':
+ return KmsGrantOperation.retireGrant;
+ case 'Sign':
+ return KmsGrantOperation.sign;
+ case 'Verify':
+ return KmsGrantOperation.verify;
+ }
+ throw Exception('$this is not known in enum KmsGrantOperation');
+ }
+}
+
+/// Proposed access control configuration for a KMS key. You can propose a
+/// configuration for a new KMS key or an existing KMS key that you own by
+/// specifying the key policy and KMS grant configuration. If the configuration
+/// is for an existing key and you do not specify the key policy, the access
+/// preview uses the existing policy for the key. If the access preview is for a
+/// new resource and you do not specify the key policy, then the access preview
+/// uses the default key policy. The proposed key policy cannot be an empty
+/// string. For more information, see Default
+/// key policy. For more information about key policy limits, see Resource
+/// quotas.
+///
+class KmsKeyConfiguration {
+ /// A list of proposed grant configurations for the KMS key. If the proposed
+ /// grant configuration is for an existing key, the access preview uses the
+ /// proposed list of grant configurations in place of the existing grants.
+ /// Otherwise, the access preview uses the existing grants for the key.
+ final List? grants;
+
+ /// Resource policy configuration for the KMS key. The only valid value for the
+ /// name of the key policy is default
. For more information, see Default
+ /// key policy.
+ final Map? keyPolicies;
+
+ KmsKeyConfiguration({
+ this.grants,
+ this.keyPolicies,
+ });
+
+ factory KmsKeyConfiguration.fromJson(Map json) {
+ return KmsKeyConfiguration(
+ grants: (json['grants'] as List?)
+ ?.whereNotNull()
+ .map((e) => KmsGrantConfiguration.fromJson(e as Map))
+ .toList(),
+ keyPolicies: (json['keyPolicies'] as Map?)
+ ?.map((k, e) => MapEntry(k, e as String)),
+ );
+ }
+
+ Map toJson() {
+ final grants = this.grants;
+ final keyPolicies = this.keyPolicies;
+ return {
+ if (grants != null) 'grants': grants,
+ if (keyPolicies != null) 'keyPolicies': keyPolicies,
+ };
+ }
+}
+
+class ListAccessPreviewFindingsResponse {
+ /// A list of access preview findings that match the specified filter criteria.
+ final List findings;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ListAccessPreviewFindingsResponse({
+ required this.findings,
+ this.nextToken,
+ });
+
+ factory ListAccessPreviewFindingsResponse.fromJson(
+ Map json) {
+ return ListAccessPreviewFindingsResponse(
+ findings: (json['findings'] as List)
+ .whereNotNull()
+ .map((e) => AccessPreviewFinding.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+class ListAccessPreviewsResponse {
+ /// A list of access previews retrieved for the analyzer.
+ final List accessPreviews;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ListAccessPreviewsResponse({
+ required this.accessPreviews,
+ this.nextToken,
+ });
+
+ factory ListAccessPreviewsResponse.fromJson(Map json) {
+ return ListAccessPreviewsResponse(
+ accessPreviews: (json['accessPreviews'] as List)
+ .whereNotNull()
+ .map((e) => AccessPreviewSummary.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+/// The response to the request.
+class ListAnalyzedResourcesResponse {
+ /// A list of resources that were analyzed.
+ final List analyzedResources;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ListAnalyzedResourcesResponse({
+ required this.analyzedResources,
+ this.nextToken,
+ });
+
+ factory ListAnalyzedResourcesResponse.fromJson(Map json) {
+ return ListAnalyzedResourcesResponse(
+ analyzedResources: (json['analyzedResources'] as List)
+ .whereNotNull()
+ .map((e) =>
+ AnalyzedResourceSummary.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+/// The response to the request.
+class ListAnalyzersResponse {
+ /// The analyzers retrieved.
+ final List analyzers;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ListAnalyzersResponse({
+ required this.analyzers,
+ this.nextToken,
+ });
+
+ factory ListAnalyzersResponse.fromJson(Map json) {
+ return ListAnalyzersResponse(
+ analyzers: (json['analyzers'] as List)
+ .whereNotNull()
+ .map((e) => AnalyzerSummary.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+/// The response to the request.
+class ListArchiveRulesResponse {
+ /// A list of archive rules created for the specified analyzer.
+ final List archiveRules;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ListArchiveRulesResponse({
+ required this.archiveRules,
+ this.nextToken,
+ });
+
+ factory ListArchiveRulesResponse.fromJson(Map json) {
+ return ListArchiveRulesResponse(
+ archiveRules: (json['archiveRules'] as List)
+ .whereNotNull()
+ .map((e) => ArchiveRuleSummary.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+/// The response to the request.
+class ListFindingsResponse {
+ /// A list of findings retrieved from the analyzer that match the filter
+ /// criteria specified, if any.
+ final List findings;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ListFindingsResponse({
+ required this.findings,
+ this.nextToken,
+ });
+
+ factory ListFindingsResponse.fromJson(Map json) {
+ return ListFindingsResponse(
+ findings: (json['findings'] as List)
+ .whereNotNull()
+ .map((e) => FindingSummary.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+class ListPolicyGenerationsResponse {
+ /// A PolicyGeneration
object that contains details about the
+ /// generated policy.
+ final List policyGenerations;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ListPolicyGenerationsResponse({
+ required this.policyGenerations,
+ this.nextToken,
+ });
+
+ factory ListPolicyGenerationsResponse.fromJson(Map json) {
+ return ListPolicyGenerationsResponse(
+ policyGenerations: (json['policyGenerations'] as List)
+ .whereNotNull()
+ .map((e) => PolicyGeneration.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+/// The response to the request.
+class ListTagsForResourceResponse {
+ /// The tags that are applied to the specified resource.
+ final Map? tags;
+
+ ListTagsForResourceResponse({
+ this.tags,
+ });
+
+ factory ListTagsForResourceResponse.fromJson(Map json) {
+ return ListTagsForResourceResponse(
+ tags: (json['tags'] as Map?)
+ ?.map((k, e) => MapEntry(k, e as String)),
+ );
+ }
+}
+
+enum Locale {
+ de,
+ en,
+ es,
+ fr,
+ it,
+ ja,
+ ko,
+ ptBr,
+ zhCn,
+ zhTw,
+}
+
+extension LocaleValueExtension on Locale {
+ String toValue() {
+ switch (this) {
+ case Locale.de:
+ return 'DE';
+ case Locale.en:
+ return 'EN';
+ case Locale.es:
+ return 'ES';
+ case Locale.fr:
+ return 'FR';
+ case Locale.it:
+ return 'IT';
+ case Locale.ja:
+ return 'JA';
+ case Locale.ko:
+ return 'KO';
+ case Locale.ptBr:
+ return 'PT_BR';
+ case Locale.zhCn:
+ return 'ZH_CN';
+ case Locale.zhTw:
+ return 'ZH_TW';
+ }
+ }
+}
+
+extension LocaleFromString on String {
+ Locale toLocale() {
+ switch (this) {
+ case 'DE':
+ return Locale.de;
+ case 'EN':
+ return Locale.en;
+ case 'ES':
+ return Locale.es;
+ case 'FR':
+ return Locale.fr;
+ case 'IT':
+ return Locale.it;
+ case 'JA':
+ return Locale.ja;
+ case 'KO':
+ return Locale.ko;
+ case 'PT_BR':
+ return Locale.ptBr;
+ case 'ZH_CN':
+ return Locale.zhCn;
+ case 'ZH_TW':
+ return Locale.zhTw;
+ }
+ throw Exception('$this is not known in enum Locale');
+ }
+}
+
+/// A location in a policy that is represented as a path through the JSON
+/// representation and a corresponding span.
+class Location {
+ /// A path in a policy, represented as a sequence of path elements.
+ final List path;
+
+ /// A span in a policy.
+ final Span span;
+
+ Location({
+ required this.path,
+ required this.span,
+ });
+
+ factory Location.fromJson(Map json) {
+ return Location(
+ path: (json['path'] as List)
+ .whereNotNull()
+ .map((e) => PathElement.fromJson(e as Map))
+ .toList(),
+ span: Span.fromJson(json['span'] as Map),
+ );
+ }
+}
+
+/// The proposed InternetConfiguration
or
+/// VpcConfiguration
to apply to the Amazon S3 access point.
+/// VpcConfiguration
does not apply to multi-region access points.
+/// You can make the access point accessible from the internet, or you can
+/// specify that all requests made through that access point must originate from
+/// a specific virtual private cloud (VPC). You can specify only one type of
+/// network configuration. For more information, see Creating
+/// access points.
+class NetworkOriginConfiguration {
+ /// The configuration for the Amazon S3 access point or multi-region access
+ /// point with an Internet
origin.
+ final InternetConfiguration? internetConfiguration;
+ final VpcConfiguration? vpcConfiguration;
+
+ NetworkOriginConfiguration({
+ this.internetConfiguration,
+ this.vpcConfiguration,
+ });
+
+ factory NetworkOriginConfiguration.fromJson(Map json) {
+ return NetworkOriginConfiguration(
+ internetConfiguration: json['internetConfiguration'] != null
+ ? InternetConfiguration.fromJson(
+ json['internetConfiguration'] as Map)
+ : null,
+ vpcConfiguration: json['vpcConfiguration'] != null
+ ? VpcConfiguration.fromJson(
+ json['vpcConfiguration'] as Map)
+ : null,
+ );
+ }
+
+ Map toJson() {
+ final internetConfiguration = this.internetConfiguration;
+ final vpcConfiguration = this.vpcConfiguration;
+ return {
+ if (internetConfiguration != null)
+ 'internetConfiguration': internetConfiguration,
+ if (vpcConfiguration != null) 'vpcConfiguration': vpcConfiguration,
+ };
+ }
+}
+
+enum OrderBy {
+ asc,
+ desc,
+}
+
+extension OrderByValueExtension on OrderBy {
+ String toValue() {
+ switch (this) {
+ case OrderBy.asc:
+ return 'ASC';
+ case OrderBy.desc:
+ return 'DESC';
+ }
+ }
+}
+
+extension OrderByFromString on String {
+ OrderBy toOrderBy() {
+ switch (this) {
+ case 'ASC':
+ return OrderBy.asc;
+ case 'DESC':
+ return OrderBy.desc;
+ }
+ throw Exception('$this is not known in enum OrderBy');
+ }
+}
+
+/// A single element in a path through the JSON representation of a policy.
+class PathElement {
+ /// Refers to an index in a JSON array.
+ final int? index;
+
+ /// Refers to a key in a JSON object.
+ final String? key;
+
+ /// Refers to a substring of a literal string in a JSON object.
+ final Substring? substring;
+
+ /// Refers to the value associated with a given key in a JSON object.
+ final String? value;
+
+ PathElement({
+ this.index,
+ this.key,
+ this.substring,
+ this.value,
+ });
+
+ factory PathElement.fromJson(Map json) {
+ return PathElement(
+ index: json['index'] as int?,
+ key: json['key'] as String?,
+ substring: json['substring'] != null
+ ? Substring.fromJson(json['substring'] as Map)
+ : null,
+ value: json['value'] as String?,
+ );
+ }
+}
+
+/// Contains details about the policy generation status and properties.
+class PolicyGeneration {
+ /// The JobId
that is returned by the
+ /// StartPolicyGeneration
operation. The JobId
can be
+ /// used with GetGeneratedPolicy
to retrieve the generated policies
+ /// or used with CancelPolicyGeneration
to cancel the policy
+ /// generation request.
+ final String jobId;
+
+ /// The ARN of the IAM entity (user or role) for which you are generating a
+ /// policy.
+ final String principalArn;
+
+ /// A timestamp of when the policy generation started.
+ final DateTime startedOn;
+
+ /// The status of the policy generation request.
+ final JobStatus status;
+
+ /// A timestamp of when the policy generation was completed.
+ final DateTime? completedOn;
+
+ PolicyGeneration({
+ required this.jobId,
+ required this.principalArn,
+ required this.startedOn,
+ required this.status,
+ this.completedOn,
+ });
+
+ factory PolicyGeneration.fromJson(Map json) {
+ return PolicyGeneration(
+ jobId: json['jobId'] as String,
+ principalArn: json['principalArn'] as String,
+ startedOn: nonNullableTimeStampFromJson(json['startedOn'] as Object),
+ status: (json['status'] as String).toJobStatus(),
+ completedOn: timeStampFromJson(json['completedOn']),
+ );
+ }
+}
+
+/// Contains the ARN details about the IAM entity for which the policy is
+/// generated.
+class PolicyGenerationDetails {
+ /// The ARN of the IAM entity (user or role) for which you are generating a
+ /// policy.
+ final String principalArn;
+
+ PolicyGenerationDetails({
+ required this.principalArn,
+ });
+ Map toJson() {
+ final principalArn = this.principalArn;
+ return {
+ 'principalArn': principalArn,
+ };
+ }
+}
+
+enum PolicyType {
+ identityPolicy,
+ resourcePolicy,
+ serviceControlPolicy,
+}
+
+extension PolicyTypeValueExtension on PolicyType {
+ String toValue() {
+ switch (this) {
+ case PolicyType.identityPolicy:
+ return 'IDENTITY_POLICY';
+ case PolicyType.resourcePolicy:
+ return 'RESOURCE_POLICY';
+ case PolicyType.serviceControlPolicy:
+ return 'SERVICE_CONTROL_POLICY';
+ }
+ }
+}
+
+extension PolicyTypeFromString on String {
+ PolicyType toPolicyType() {
+ switch (this) {
+ case 'IDENTITY_POLICY':
+ return PolicyType.identityPolicy;
+ case 'RESOURCE_POLICY':
+ return PolicyType.resourcePolicy;
+ case 'SERVICE_CONTROL_POLICY':
+ return PolicyType.serviceControlPolicy;
+ }
+ throw Exception('$this is not known in enum PolicyType');
+ }
+}
+
+/// A position in a policy.
+class Position {
+ /// The column of the position, starting from 0.
+ final int column;
+
+ /// The line of the position, starting from 1.
+ final int line;
+
+ /// The offset within the policy that corresponds to the position, starting from
+ /// 0.
+ final int offset;
+
+ Position({
+ required this.column,
+ required this.line,
+ required this.offset,
+ });
+
+ factory Position.fromJson(Map json) {
+ return Position(
+ column: json['column'] as int,
+ line: json['line'] as int,
+ offset: json['offset'] as int,
+ );
+ }
+}
+
+/// The values for a manual Amazon RDS DB cluster snapshot attribute.
+class RdsDbClusterSnapshotAttributeValue {
+ /// The Amazon Web Services account IDs that have access to the manual Amazon
+ /// RDS DB cluster snapshot. If the value all
is specified, then
+ /// the Amazon RDS DB cluster snapshot is public and can be copied or restored
+ /// by all Amazon Web Services accounts.
+ ///
+ ///
+ /// -
+ /// If the configuration is for an existing Amazon RDS DB cluster snapshot and
+ /// you do not specify the
accountIds
in
+ /// RdsDbClusterSnapshotAttributeValue
, then the access preview
+ /// uses the existing shared accountIds
for the snapshot.
+ ///
+ /// -
+ /// If the access preview is for a new resource and you do not specify the
+ /// specify the
accountIds
in
+ /// RdsDbClusterSnapshotAttributeValue
, then the access preview
+ /// considers the snapshot without any attributes.
+ ///
+ /// -
+ /// To propose deletion of existing shared
accountIds
, you can
+ /// specify an empty list for accountIds
in the
+ /// RdsDbClusterSnapshotAttributeValue
.
+ ///
+ ///
+ final List? accountIds;
+
+ RdsDbClusterSnapshotAttributeValue({
+ this.accountIds,
+ });
+
+ factory RdsDbClusterSnapshotAttributeValue.fromJson(
+ Map json) {
+ return RdsDbClusterSnapshotAttributeValue(
+ accountIds: (json['accountIds'] as List?)
+ ?.whereNotNull()
+ .map((e) => e as String)
+ .toList(),
+ );
+ }
+
+ Map toJson() {
+ final accountIds = this.accountIds;
+ return {
+ if (accountIds != null) 'accountIds': accountIds,
+ };
+ }
+}
+
+/// The proposed access control configuration for an Amazon RDS DB cluster
+/// snapshot. You can propose a configuration for a new Amazon RDS DB cluster
+/// snapshot or an Amazon RDS DB cluster snapshot that you own by specifying the
+/// RdsDbClusterSnapshotAttributeValue
and optional KMS encryption
+/// key. For more information, see ModifyDBClusterSnapshotAttribute.
+class RdsDbClusterSnapshotConfiguration {
+ /// The names and values of manual DB cluster snapshot attributes. Manual DB
+ /// cluster snapshot attributes are used to authorize other Amazon Web Services
+ /// accounts to restore a manual DB cluster snapshot. The only valid value for
+ /// AttributeName
for the attribute map is restore
+ final Map? attributes;
+
+ /// The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The
+ /// KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the
+ /// KMS key.
+ ///
+ ///
+ /// -
+ /// If the configuration is for an existing Amazon RDS DB cluster snapshot and
+ /// you do not specify the
kmsKeyId
, or you specify an empty
+ /// string, then the access preview uses the existing kmsKeyId
of
+ /// the snapshot.
+ ///
+ /// -
+ /// If the access preview is for a new resource and you do not specify the
+ /// specify the
kmsKeyId
, then the access preview considers the
+ /// snapshot as unencrypted.
+ ///
+ ///
+ final String? kmsKeyId;
+
+ RdsDbClusterSnapshotConfiguration({
+ this.attributes,
+ this.kmsKeyId,
+ });
+
+ factory RdsDbClusterSnapshotConfiguration.fromJson(
+ Map json) {
+ return RdsDbClusterSnapshotConfiguration(
+ attributes: (json['attributes'] as Map?)?.map((k, e) =>
+ MapEntry(
+ k,
+ RdsDbClusterSnapshotAttributeValue.fromJson(
+ e as Map))),
+ kmsKeyId: json['kmsKeyId'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final attributes = this.attributes;
+ final kmsKeyId = this.kmsKeyId;
+ return {
+ if (attributes != null) 'attributes': attributes,
+ if (kmsKeyId != null) 'kmsKeyId': kmsKeyId,
+ };
+ }
+}
+
+/// The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB
+/// snapshot attributes are used to authorize other Amazon Web Services accounts
+/// to restore a manual DB snapshot.
+class RdsDbSnapshotAttributeValue {
+ /// The Amazon Web Services account IDs that have access to the manual Amazon
+ /// RDS DB snapshot. If the value all
is specified, then the Amazon
+ /// RDS DB snapshot is public and can be copied or restored by all Amazon Web
+ /// Services accounts.
+ ///
+ ///
+ /// -
+ /// If the configuration is for an existing Amazon RDS DB snapshot and you do
+ /// not specify the
accountIds
in
+ /// RdsDbSnapshotAttributeValue
, then the access preview uses the
+ /// existing shared accountIds
for the snapshot.
+ ///
+ /// -
+ /// If the access preview is for a new resource and you do not specify the
+ /// specify the
accountIds
in
+ /// RdsDbSnapshotAttributeValue
, then the access preview considers
+ /// the snapshot without any attributes.
+ ///
+ /// -
+ /// To propose deletion of an existing shared
accountIds
, you can
+ /// specify an empty list for accountIds
in the
+ /// RdsDbSnapshotAttributeValue
.
+ ///
+ ///
+ final List? accountIds;
+
+ RdsDbSnapshotAttributeValue({
+ this.accountIds,
+ });
+
+ factory RdsDbSnapshotAttributeValue.fromJson(Map json) {
+ return RdsDbSnapshotAttributeValue(
+ accountIds: (json['accountIds'] as List?)
+ ?.whereNotNull()
+ .map((e) => e as String)
+ .toList(),
+ );
+ }
+
+ Map toJson() {
+ final accountIds = this.accountIds;
+ return {
+ if (accountIds != null) 'accountIds': accountIds,
+ };
+ }
+}
+
+/// The proposed access control configuration for an Amazon RDS DB snapshot. You
+/// can propose a configuration for a new Amazon RDS DB snapshot or an Amazon
+/// RDS DB snapshot that you own by specifying the
+/// RdsDbSnapshotAttributeValue
and optional KMS encryption key.
+/// For more information, see ModifyDBSnapshotAttribute.
+class RdsDbSnapshotConfiguration {
+ /// The names and values of manual DB snapshot attributes. Manual DB snapshot
+ /// attributes are used to authorize other Amazon Web Services accounts to
+ /// restore a manual DB snapshot. The only valid value for
+ /// attributeName
for the attribute map is restore.
+ final Map? attributes;
+
+ /// The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key
+ /// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
+ ///
+ ///
+ /// -
+ /// If the configuration is for an existing Amazon RDS DB snapshot and you do
+ /// not specify the
kmsKeyId
, or you specify an empty string, then
+ /// the access preview uses the existing kmsKeyId
of the snapshot.
+ ///
+ /// -
+ /// If the access preview is for a new resource and you do not specify the
+ /// specify the
kmsKeyId
, then the access preview considers the
+ /// snapshot as unencrypted.
+ ///
+ ///
+ final String? kmsKeyId;
+
+ RdsDbSnapshotConfiguration({
+ this.attributes,
+ this.kmsKeyId,
+ });
+
+ factory RdsDbSnapshotConfiguration.fromJson(Map json) {
+ return RdsDbSnapshotConfiguration(
+ attributes: (json['attributes'] as Map?)?.map((k, e) =>
+ MapEntry(k,
+ RdsDbSnapshotAttributeValue.fromJson(e as Map))),
+ kmsKeyId: json['kmsKeyId'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final attributes = this.attributes;
+ final kmsKeyId = this.kmsKeyId;
+ return {
+ if (attributes != null) 'attributes': attributes,
+ if (kmsKeyId != null) 'kmsKeyId': kmsKeyId,
+ };
+ }
+}
+
+enum ReasonCode {
+ awsServiceAccessDisabled,
+ delegatedAdministratorDeregistered,
+ organizationDeleted,
+ serviceLinkedRoleCreationFailed,
+}
+
+extension ReasonCodeValueExtension on ReasonCode {
+ String toValue() {
+ switch (this) {
+ case ReasonCode.awsServiceAccessDisabled:
+ return 'AWS_SERVICE_ACCESS_DISABLED';
+ case ReasonCode.delegatedAdministratorDeregistered:
+ return 'DELEGATED_ADMINISTRATOR_DEREGISTERED';
+ case ReasonCode.organizationDeleted:
+ return 'ORGANIZATION_DELETED';
+ case ReasonCode.serviceLinkedRoleCreationFailed:
+ return 'SERVICE_LINKED_ROLE_CREATION_FAILED';
+ }
+ }
+}
+
+extension ReasonCodeFromString on String {
+ ReasonCode toReasonCode() {
+ switch (this) {
+ case 'AWS_SERVICE_ACCESS_DISABLED':
+ return ReasonCode.awsServiceAccessDisabled;
+ case 'DELEGATED_ADMINISTRATOR_DEREGISTERED':
+ return ReasonCode.delegatedAdministratorDeregistered;
+ case 'ORGANIZATION_DELETED':
+ return ReasonCode.organizationDeleted;
+ case 'SERVICE_LINKED_ROLE_CREATION_FAILED':
+ return ReasonCode.serviceLinkedRoleCreationFailed;
+ }
+ throw Exception('$this is not known in enum ReasonCode');
+ }
+}
+
+enum ResourceType {
awsS3Bucket,
awsIamRole,
awsSqsQueue,
awsLambdaFunction,
awsLambdaLayerVersion,
awsKmsKey,
+ awsSecretsManagerSecret,
+ awsEfsFileSystem,
+ awsEc2Snapshot,
+ awsEcrRepository,
+ awsRdsDBSnapshot,
+ awsRdsDBClusterSnapshot,
+ awsSnsTopic,
}
extension ResourceTypeValueExtension on ResourceType {
@@ -1636,6 +4105,20 @@ extension ResourceTypeValueExtension on ResourceType {
return 'AWS::Lambda::LayerVersion';
case ResourceType.awsKmsKey:
return 'AWS::KMS::Key';
+ case ResourceType.awsSecretsManagerSecret:
+ return 'AWS::SecretsManager::Secret';
+ case ResourceType.awsEfsFileSystem:
+ return 'AWS::EFS::FileSystem';
+ case ResourceType.awsEc2Snapshot:
+ return 'AWS::EC2::Snapshot';
+ case ResourceType.awsEcrRepository:
+ return 'AWS::ECR::Repository';
+ case ResourceType.awsRdsDBSnapshot:
+ return 'AWS::RDS::DBSnapshot';
+ case ResourceType.awsRdsDBClusterSnapshot:
+ return 'AWS::RDS::DBClusterSnapshot';
+ case ResourceType.awsSnsTopic:
+ return 'AWS::SNS::Topic';
}
}
}
@@ -1655,11 +4138,314 @@ extension ResourceTypeFromString on String {
return ResourceType.awsLambdaLayerVersion;
case 'AWS::KMS::Key':
return ResourceType.awsKmsKey;
+ case 'AWS::SecretsManager::Secret':
+ return ResourceType.awsSecretsManagerSecret;
+ case 'AWS::EFS::FileSystem':
+ return ResourceType.awsEfsFileSystem;
+ case 'AWS::EC2::Snapshot':
+ return ResourceType.awsEc2Snapshot;
+ case 'AWS::ECR::Repository':
+ return ResourceType.awsEcrRepository;
+ case 'AWS::RDS::DBSnapshot':
+ return ResourceType.awsRdsDBSnapshot;
+ case 'AWS::RDS::DBClusterSnapshot':
+ return ResourceType.awsRdsDBClusterSnapshot;
+ case 'AWS::SNS::Topic':
+ return ResourceType.awsSnsTopic;
}
throw Exception('$this is not known in enum ResourceType');
}
}
+/// The configuration for an Amazon S3 access point or multi-region access point
+/// for the bucket. You can propose up to 10 access points or multi-region
+/// access points per bucket. If the proposed Amazon S3 access point
+/// configuration is for an existing bucket, the access preview uses the
+/// proposed access point configuration in place of the existing access points.
+/// To propose an access point without a policy, you can provide an empty string
+/// as the access point policy. For more information, see Creating
+/// access points. For more information about access point policy limits,
+/// see Access
+/// points restrictions and limitations.
+class S3AccessPointConfiguration {
+ /// The access point or multi-region access point policy.
+ final String? accessPointPolicy;
+
+ /// The proposed Internet
and VpcConfiguration
to
+ /// apply to this Amazon S3 access point. VpcConfiguration
does not
+ /// apply to multi-region access points. If the access preview is for a new
+ /// resource and neither is specified, the access preview uses
+ /// Internet
for the network origin. If the access preview is for
+ /// an existing resource and neither is specified, the access preview uses the
+ /// exiting network origin.
+ final NetworkOriginConfiguration? networkOrigin;
+
+ /// The proposed S3PublicAccessBlock
configuration to apply to this
+ /// Amazon S3 access point or multi-region access point.
+ final S3PublicAccessBlockConfiguration? publicAccessBlock;
+
+ S3AccessPointConfiguration({
+ this.accessPointPolicy,
+ this.networkOrigin,
+ this.publicAccessBlock,
+ });
+
+ factory S3AccessPointConfiguration.fromJson(Map json) {
+ return S3AccessPointConfiguration(
+ accessPointPolicy: json['accessPointPolicy'] as String?,
+ networkOrigin: json['networkOrigin'] != null
+ ? NetworkOriginConfiguration.fromJson(
+ json['networkOrigin'] as Map)
+ : null,
+ publicAccessBlock: json['publicAccessBlock'] != null
+ ? S3PublicAccessBlockConfiguration.fromJson(
+ json['publicAccessBlock'] as Map)
+ : null,
+ );
+ }
+
+ Map toJson() {
+ final accessPointPolicy = this.accessPointPolicy;
+ final networkOrigin = this.networkOrigin;
+ final publicAccessBlock = this.publicAccessBlock;
+ return {
+ if (accessPointPolicy != null) 'accessPointPolicy': accessPointPolicy,
+ if (networkOrigin != null) 'networkOrigin': networkOrigin,
+ if (publicAccessBlock != null) 'publicAccessBlock': publicAccessBlock,
+ };
+ }
+}
+
+/// A proposed access control list grant configuration for an Amazon S3 bucket.
+/// For more information, see How
+/// to Specify an ACL.
+class S3BucketAclGrantConfiguration {
+ /// The grantee to whom you’re assigning access rights.
+ final AclGrantee grantee;
+
+ /// The permissions being granted.
+ final AclPermission permission;
+
+ S3BucketAclGrantConfiguration({
+ required this.grantee,
+ required this.permission,
+ });
+
+ factory S3BucketAclGrantConfiguration.fromJson(Map json) {
+ return S3BucketAclGrantConfiguration(
+ grantee: AclGrantee.fromJson(json['grantee'] as Map),
+ permission: (json['permission'] as String).toAclPermission(),
+ );
+ }
+
+ Map toJson() {
+ final grantee = this.grantee;
+ final permission = this.permission;
+ return {
+ 'grantee': grantee,
+ 'permission': permission.toValue(),
+ };
+ }
+}
+
+/// Proposed access control configuration for an Amazon S3 bucket. You can
+/// propose a configuration for a new Amazon S3 bucket or an existing Amazon S3
+/// bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs,
+/// bucket BPA settings, Amazon S3 access points, and multi-region access points
+/// attached to the bucket. If the configuration is for an existing Amazon S3
+/// bucket and you do not specify the Amazon S3 bucket policy, the access
+/// preview uses the existing policy attached to the bucket. If the access
+/// preview is for a new resource and you do not specify the Amazon S3 bucket
+/// policy, the access preview assumes a bucket without a policy. To propose
+/// deletion of an existing bucket policy, you can specify an empty string. For
+/// more information about bucket policy limits, see Bucket
+/// Policy Examples.
+class S3BucketConfiguration {
+ /// The configuration of Amazon S3 access points or multi-region access points
+ /// for the bucket. You can propose up to 10 new access points per bucket.
+ final Map? accessPoints;
+
+ /// The proposed list of ACL grants for the Amazon S3 bucket. You can propose up
+ /// to 100 ACL grants per bucket. If the proposed grant configuration is for an
+ /// existing bucket, the access preview uses the proposed list of grant
+ /// configurations in place of the existing grants. Otherwise, the access
+ /// preview uses the existing grants for the bucket.
+ final List? bucketAclGrants;
+
+ /// The proposed bucket policy for the Amazon S3 bucket.
+ final String? bucketPolicy;
+
+ /// The proposed block public access configuration for the Amazon S3 bucket.
+ final S3PublicAccessBlockConfiguration? bucketPublicAccessBlock;
+
+ S3BucketConfiguration({
+ this.accessPoints,
+ this.bucketAclGrants,
+ this.bucketPolicy,
+ this.bucketPublicAccessBlock,
+ });
+
+ factory S3BucketConfiguration.fromJson(Map json) {
+ return S3BucketConfiguration(
+ accessPoints: (json['accessPoints'] as Map?)?.map(
+ (k, e) => MapEntry(k,
+ S3AccessPointConfiguration.fromJson(e as Map))),
+ bucketAclGrants: (json['bucketAclGrants'] as List?)
+ ?.whereNotNull()
+ .map((e) =>
+ S3BucketAclGrantConfiguration.fromJson(e as Map))
+ .toList(),
+ bucketPolicy: json['bucketPolicy'] as String?,
+ bucketPublicAccessBlock: json['bucketPublicAccessBlock'] != null
+ ? S3PublicAccessBlockConfiguration.fromJson(
+ json['bucketPublicAccessBlock'] as Map)
+ : null,
+ );
+ }
+
+ Map toJson() {
+ final accessPoints = this.accessPoints;
+ final bucketAclGrants = this.bucketAclGrants;
+ final bucketPolicy = this.bucketPolicy;
+ final bucketPublicAccessBlock = this.bucketPublicAccessBlock;
+ return {
+ if (accessPoints != null) 'accessPoints': accessPoints,
+ if (bucketAclGrants != null) 'bucketAclGrants': bucketAclGrants,
+ if (bucketPolicy != null) 'bucketPolicy': bucketPolicy,
+ if (bucketPublicAccessBlock != null)
+ 'bucketPublicAccessBlock': bucketPublicAccessBlock,
+ };
+ }
+}
+
+/// The PublicAccessBlock
configuration to apply to this Amazon S3
+/// bucket. If the proposed configuration is for an existing Amazon S3 bucket
+/// and the configuration is not specified, the access preview uses the existing
+/// setting. If the proposed configuration is for a new bucket and the
+/// configuration is not specified, the access preview uses false
.
+/// If the proposed configuration is for a new access point or multi-region
+/// access point and the access point BPA configuration is not specified, the
+/// access preview uses true
. For more information, see PublicAccessBlockConfiguration.
+class S3PublicAccessBlockConfiguration {
+ /// Specifies whether Amazon S3 should ignore public ACLs for this bucket and
+ /// objects in this bucket.
+ final bool ignorePublicAcls;
+
+ /// Specifies whether Amazon S3 should restrict public bucket policies for this
+ /// bucket.
+ final bool restrictPublicBuckets;
+
+ S3PublicAccessBlockConfiguration({
+ required this.ignorePublicAcls,
+ required this.restrictPublicBuckets,
+ });
+
+ factory S3PublicAccessBlockConfiguration.fromJson(Map json) {
+ return S3PublicAccessBlockConfiguration(
+ ignorePublicAcls: json['ignorePublicAcls'] as bool,
+ restrictPublicBuckets: json['restrictPublicBuckets'] as bool,
+ );
+ }
+
+ Map toJson() {
+ final ignorePublicAcls = this.ignorePublicAcls;
+ final restrictPublicBuckets = this.restrictPublicBuckets;
+ return {
+ 'ignorePublicAcls': ignorePublicAcls,
+ 'restrictPublicBuckets': restrictPublicBuckets,
+ };
+ }
+}
+
+/// The configuration for a Secrets Manager secret. For more information, see CreateSecret.
+///
+/// You can propose a configuration for a new secret or an existing secret that
+/// you own by specifying the secret policy and optional KMS encryption key. If
+/// the configuration is for an existing secret and you do not specify the
+/// secret policy, the access preview uses the existing policy for the secret.
+/// If the access preview is for a new resource and you do not specify the
+/// policy, the access preview assumes a secret without a policy. To propose
+/// deletion of an existing policy, you can specify an empty string. If the
+/// proposed configuration is for a new secret and you do not specify the KMS
+/// key ID, the access preview uses the Amazon Web Services managed key
+/// aws/secretsmanager
. If you specify an empty string for the KMS
+/// key ID, the access preview uses the Amazon Web Services managed key of the
+/// Amazon Web Services account. For more information about secret policy
+/// limits, see Quotas
+/// for Secrets Manager..
+class SecretsManagerSecretConfiguration {
+ /// The proposed ARN, key ID, or alias of the KMS key.
+ final String? kmsKeyId;
+
+ /// The proposed resource policy defining who can access or manage the secret.
+ final String? secretPolicy;
+
+ SecretsManagerSecretConfiguration({
+ this.kmsKeyId,
+ this.secretPolicy,
+ });
+
+ factory SecretsManagerSecretConfiguration.fromJson(
+ Map json) {
+ return SecretsManagerSecretConfiguration(
+ kmsKeyId: json['kmsKeyId'] as String?,
+ secretPolicy: json['secretPolicy'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final kmsKeyId = this.kmsKeyId;
+ final secretPolicy = this.secretPolicy;
+ return {
+ if (kmsKeyId != null) 'kmsKeyId': kmsKeyId,
+ if (secretPolicy != null) 'secretPolicy': secretPolicy,
+ };
+ }
+}
+
+/// The proposed access control configuration for an Amazon SNS topic. You can
+/// propose a configuration for a new Amazon SNS topic or an existing Amazon SNS
+/// topic that you own by specifying the policy. If the configuration is for an
+/// existing Amazon SNS topic and you do not specify the Amazon SNS policy, then
+/// the access preview uses the existing Amazon SNS policy for the topic. If the
+/// access preview is for a new resource and you do not specify the policy, then
+/// the access preview assumes an Amazon SNS topic without a policy. To propose
+/// deletion of an existing Amazon SNS topic policy, you can specify an empty
+/// string for the Amazon SNS policy. For more information, see Topic.
+class SnsTopicConfiguration {
+ /// The JSON policy text that defines who can access an Amazon SNS topic. For
+ /// more information, see Example
+ /// cases for Amazon SNS access control in the Amazon SNS Developer
+ /// Guide.
+ final String? topicPolicy;
+
+ SnsTopicConfiguration({
+ this.topicPolicy,
+ });
+
+ factory SnsTopicConfiguration.fromJson(Map json) {
+ return SnsTopicConfiguration(
+ topicPolicy: json['topicPolicy'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final topicPolicy = this.topicPolicy;
+ return {
+ if (topicPolicy != null) 'topicPolicy': topicPolicy,
+ };
+ }
+}
+
/// The criteria used to sort.
class SortCriteria {
/// The name of the attribute to sort on.
@@ -1682,11 +4468,86 @@ class SortCriteria {
}
}
+/// A span in a policy. The span consists of a start position (inclusive) and
+/// end position (exclusive).
+class Span {
+ /// The end position of the span (exclusive).
+ final Position end;
+
+ /// The start position of the span (inclusive).
+ final Position start;
+
+ Span({
+ required this.end,
+ required this.start,
+ });
+
+ factory Span.fromJson(Map json) {
+ return Span(
+ end: Position.fromJson(json['end'] as Map),
+ start: Position.fromJson(json['start'] as Map),
+ );
+ }
+}
+
+/// The proposed access control configuration for an Amazon SQS queue. You can
+/// propose a configuration for a new Amazon SQS queue or an existing Amazon SQS
+/// queue that you own by specifying the Amazon SQS policy. If the configuration
+/// is for an existing Amazon SQS queue and you do not specify the Amazon SQS
+/// policy, the access preview uses the existing Amazon SQS policy for the
+/// queue. If the access preview is for a new resource and you do not specify
+/// the policy, the access preview assumes an Amazon SQS queue without a policy.
+/// To propose deletion of an existing Amazon SQS queue policy, you can specify
+/// an empty string for the Amazon SQS policy. For more information about Amazon
+/// SQS policy limits, see Quotas
+/// related to policies.
+class SqsQueueConfiguration {
+ /// The proposed resource policy for the Amazon SQS queue.
+ final String? queuePolicy;
+
+ SqsQueueConfiguration({
+ this.queuePolicy,
+ });
+
+ factory SqsQueueConfiguration.fromJson(Map json) {
+ return SqsQueueConfiguration(
+ queuePolicy: json['queuePolicy'] as String?,
+ );
+ }
+
+ Map toJson() {
+ final queuePolicy = this.queuePolicy;
+ return {
+ if (queuePolicy != null) 'queuePolicy': queuePolicy,
+ };
+ }
+}
+
+class StartPolicyGenerationResponse {
+ /// The JobId
that is returned by the
+ /// StartPolicyGeneration
operation. The JobId
can be
+ /// used with GetGeneratedPolicy
to retrieve the generated policies
+ /// or used with CancelPolicyGeneration
to cancel the policy
+ /// generation request.
+ final String jobId;
+
+ StartPolicyGenerationResponse({
+ required this.jobId,
+ });
+
+ factory StartPolicyGenerationResponse.fromJson(Map json) {
+ return StartPolicyGenerationResponse(
+ jobId: json['jobId'] as String,
+ );
+ }
+}
+
/// Provides more details about the current status of the analyzer. For example,
/// if the creation for the analyzer fails, a Failed
status is
-/// displayed. For an analyzer with organization as the type, this failure can
-/// be due to an issue with creating the service-linked roles required in the
-/// member accounts of the AWS organization.
+/// returned. For an analyzer with organization as the type, this failure can be
+/// due to an issue with creating the service-linked roles required in the
+/// member accounts of the Amazon Web Services organization.
class StatusReason {
/// The reason code for the current status of the analyzer.
final ReasonCode code;
@@ -1694,6 +4555,7 @@ class StatusReason {
StatusReason({
required this.code,
});
+
factory StatusReason.fromJson(Map json) {
return StatusReason(
code: (json['code'] as String).toReasonCode(),
@@ -1701,14 +4563,103 @@ class StatusReason {
}
}
+/// A reference to a substring of a literal string in a JSON document.
+class Substring {
+ /// The length of the substring.
+ final int length;
+
+ /// The start index of the substring, starting from 0.
+ final int start;
+
+ Substring({
+ required this.length,
+ required this.start,
+ });
+
+ factory Substring.fromJson(Map json) {
+ return Substring(
+ length: json['length'] as int,
+ start: json['start'] as int,
+ );
+ }
+}
+
/// The response to the request.
class TagResourceResponse {
TagResourceResponse();
+
factory TagResourceResponse.fromJson(Map _) {
return TagResourceResponse();
}
}
+/// Contains details about the CloudTrail trail being analyzed to generate a
+/// policy.
+class Trail {
+ /// Specifies the ARN of the trail. The format of a trail ARN is
+ /// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
.
+ final String cloudTrailArn;
+
+ /// Possible values are true
or false
. If set to
+ /// true
, IAM Access Analyzer retrieves CloudTrail data from all
+ /// regions to analyze and generate a policy.
+ final bool? allRegions;
+
+ /// A list of regions to get CloudTrail data from and analyze to generate a
+ /// policy.
+ final List? regions;
+
+ Trail({
+ required this.cloudTrailArn,
+ this.allRegions,
+ this.regions,
+ });
+ Map toJson() {
+ final cloudTrailArn = this.cloudTrailArn;
+ final allRegions = this.allRegions;
+ final regions = this.regions;
+ return {
+ 'cloudTrailArn': cloudTrailArn,
+ if (allRegions != null) 'allRegions': allRegions,
+ if (regions != null) 'regions': regions,
+ };
+ }
+}
+
+/// Contains details about the CloudTrail trail being analyzed to generate a
+/// policy.
+class TrailProperties {
+ /// Specifies the ARN of the trail. The format of a trail ARN is
+ /// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
.
+ final String cloudTrailArn;
+
+ /// Possible values are true
or false
. If set to
+ /// true
, IAM Access Analyzer retrieves CloudTrail data from all
+ /// regions to analyze and generate a policy.
+ final bool? allRegions;
+
+ /// A list of regions to get CloudTrail data from and analyze to generate a
+ /// policy.
+ final List? regions;
+
+ TrailProperties({
+ required this.cloudTrailArn,
+ this.allRegions,
+ this.regions,
+ });
+
+ factory TrailProperties.fromJson(Map json) {
+ return TrailProperties(
+ cloudTrailArn: json['cloudTrailArn'] as String,
+ allRegions: json['allRegions'] as bool?,
+ regions: (json['regions'] as List?)
+ ?.whereNotNull()
+ .map((e) => e as String)
+ .toList(),
+ );
+ }
+}
+
enum Type {
account,
organization,
@@ -1740,11 +4691,201 @@ extension TypeFromString on String {
/// The response to the request.
class UntagResourceResponse {
UntagResourceResponse();
+
factory UntagResourceResponse.fromJson(Map _) {
return UntagResourceResponse();
}
}
+/// A finding in a policy. Each finding is an actionable recommendation that can
+/// be used to improve the policy.
+class ValidatePolicyFinding {
+ /// A localized message that explains the finding and provides guidance on how
+ /// to address it.
+ final String findingDetails;
+
+ /// The impact of the finding.
+ ///
+ /// Security warnings report when the policy allows access that we consider
+ /// overly permissive.
+ ///
+ /// Errors report when a part of the policy is not functional.
+ ///
+ /// Warnings report non-security issues when a policy does not conform to policy
+ /// writing best practices.
+ ///
+ /// Suggestions recommend stylistic improvements in the policy that do not
+ /// impact access.
+ final ValidatePolicyFindingType findingType;
+
+ /// The issue code provides an identifier of the issue associated with this
+ /// finding.
+ final String issueCode;
+
+ /// A link to additional documentation about the type of finding.
+ final String learnMoreLink;
+
+ /// The list of locations in the policy document that are related to the
+ /// finding. The issue code provides a summary of an issue identified by the
+ /// finding.
+ final List locations;
+
+ ValidatePolicyFinding({
+ required this.findingDetails,
+ required this.findingType,
+ required this.issueCode,
+ required this.learnMoreLink,
+ required this.locations,
+ });
+
+ factory ValidatePolicyFinding.fromJson(Map json) {
+ return ValidatePolicyFinding(
+ findingDetails: json['findingDetails'] as String,
+ findingType:
+ (json['findingType'] as String).toValidatePolicyFindingType(),
+ issueCode: json['issueCode'] as String,
+ learnMoreLink: json['learnMoreLink'] as String,
+ locations: (json['locations'] as List)
+ .whereNotNull()
+ .map((e) => Location.fromJson(e as Map))
+ .toList(),
+ );
+ }
+}
+
+enum ValidatePolicyFindingType {
+ error,
+ securityWarning,
+ suggestion,
+ warning,
+}
+
+extension ValidatePolicyFindingTypeValueExtension on ValidatePolicyFindingType {
+ String toValue() {
+ switch (this) {
+ case ValidatePolicyFindingType.error:
+ return 'ERROR';
+ case ValidatePolicyFindingType.securityWarning:
+ return 'SECURITY_WARNING';
+ case ValidatePolicyFindingType.suggestion:
+ return 'SUGGESTION';
+ case ValidatePolicyFindingType.warning:
+ return 'WARNING';
+ }
+ }
+}
+
+extension ValidatePolicyFindingTypeFromString on String {
+ ValidatePolicyFindingType toValidatePolicyFindingType() {
+ switch (this) {
+ case 'ERROR':
+ return ValidatePolicyFindingType.error;
+ case 'SECURITY_WARNING':
+ return ValidatePolicyFindingType.securityWarning;
+ case 'SUGGESTION':
+ return ValidatePolicyFindingType.suggestion;
+ case 'WARNING':
+ return ValidatePolicyFindingType.warning;
+ }
+ throw Exception('$this is not known in enum ValidatePolicyFindingType');
+ }
+}
+
+enum ValidatePolicyResourceType {
+ awsS3Bucket,
+ awsS3AccessPoint,
+ awsS3MultiRegionAccessPoint,
+ awsS3ObjectLambdaAccessPoint,
+ awsIamAssumeRolePolicyDocument,
+}
+
+extension ValidatePolicyResourceTypeValueExtension
+ on ValidatePolicyResourceType {
+ String toValue() {
+ switch (this) {
+ case ValidatePolicyResourceType.awsS3Bucket:
+ return 'AWS::S3::Bucket';
+ case ValidatePolicyResourceType.awsS3AccessPoint:
+ return 'AWS::S3::AccessPoint';
+ case ValidatePolicyResourceType.awsS3MultiRegionAccessPoint:
+ return 'AWS::S3::MultiRegionAccessPoint';
+ case ValidatePolicyResourceType.awsS3ObjectLambdaAccessPoint:
+ return 'AWS::S3ObjectLambda::AccessPoint';
+ case ValidatePolicyResourceType.awsIamAssumeRolePolicyDocument:
+ return 'AWS::IAM::AssumeRolePolicyDocument';
+ }
+ }
+}
+
+extension ValidatePolicyResourceTypeFromString on String {
+ ValidatePolicyResourceType toValidatePolicyResourceType() {
+ switch (this) {
+ case 'AWS::S3::Bucket':
+ return ValidatePolicyResourceType.awsS3Bucket;
+ case 'AWS::S3::AccessPoint':
+ return ValidatePolicyResourceType.awsS3AccessPoint;
+ case 'AWS::S3::MultiRegionAccessPoint':
+ return ValidatePolicyResourceType.awsS3MultiRegionAccessPoint;
+ case 'AWS::S3ObjectLambda::AccessPoint':
+ return ValidatePolicyResourceType.awsS3ObjectLambdaAccessPoint;
+ case 'AWS::IAM::AssumeRolePolicyDocument':
+ return ValidatePolicyResourceType.awsIamAssumeRolePolicyDocument;
+ }
+ throw Exception('$this is not known in enum ValidatePolicyResourceType');
+ }
+}
+
+class ValidatePolicyResponse {
+ /// The list of findings in a policy returned by IAM Access Analyzer based on
+ /// its suite of policy checks.
+ final List findings;
+
+ /// A token used for pagination of results returned.
+ final String? nextToken;
+
+ ValidatePolicyResponse({
+ required this.findings,
+ this.nextToken,
+ });
+
+ factory ValidatePolicyResponse.fromJson(Map json) {
+ return ValidatePolicyResponse(
+ findings: (json['findings'] as List)
+ .whereNotNull()
+ .map((e) => ValidatePolicyFinding.fromJson(e as Map))
+ .toList(),
+ nextToken: json['nextToken'] as String?,
+ );
+ }
+}
+
+/// The proposed virtual private cloud (VPC) configuration for the Amazon S3
+/// access point. VPC configuration does not apply to multi-region access
+/// points. For more information, see VpcConfiguration.
+class VpcConfiguration {
+ /// If this field is specified, this access point will only allow connections
+ /// from the specified VPC ID.
+ final String vpcId;
+
+ VpcConfiguration({
+ required this.vpcId,
+ });
+
+ factory VpcConfiguration.fromJson(Map json) {
+ return VpcConfiguration(
+ vpcId: json['vpcId'] as String,
+ );
+ }
+
+ Map toJson() {
+ final vpcId = this.vpcId;
+ return {
+ 'vpcId': vpcId,
+ };
+ }
+}
+
class AccessDeniedException extends _s.GenericAwsException {
AccessDeniedException({String? type, String? message})
: super(type: type, code: 'AccessDeniedException', message: message);
diff --git a/generated/aws_acm_api/README.md b/generated/aws_acm_api/README.md
index 5078b5b56..4b3c31094 100644
--- a/generated/aws_acm_api/README.md
+++ b/generated/aws_acm_api/README.md
@@ -3,7 +3,11 @@
**Generated Dart library from API specification**
*About the service:*
-Welcome to the AWS Certificate Manager (ACM) API documentation.
+You can use Certificate Manager (ACM) to manage SSL/TLS certificates for
+your Amazon Web Services-based websites and applications. For more
+information about using ACM, see the Certificate Manager
+User Guide.
## Links
diff --git a/generated/aws_acm_api/lib/acm-2015-12-08.dart b/generated/aws_acm_api/lib/acm-2015-12-08.dart
index 1f9610c63..60145acf9 100644
--- a/generated/aws_acm_api/lib/acm-2015-12-08.dart
+++ b/generated/aws_acm_api/lib/acm-2015-12-08.dart
@@ -18,7 +18,11 @@ import 'package:shared_aws_api/shared.dart'
export 'package:shared_aws_api/shared.dart' show AwsClientCredentials;
-/// Welcome to the AWS Certificate Manager (ACM) API documentation.
+/// You can use Certificate Manager (ACM) to manage SSL/TLS certificates for
+/// your Amazon Web Services-based websites and applications. For more
+/// information about using ACM, see the Certificate Manager
+/// User Guide.
class ACM {
final _s.JsonProtocol _protocol;
ACM({
@@ -48,10 +52,10 @@ class ACM {
}
/// Adds one or more tags to an ACM certificate. Tags are labels that you can
- /// use to identify and organize your AWS resources. Each tag consists of a
- /// key
and an optional value
. You specify the
- /// certificate on input by its Amazon Resource Name (ARN). You specify the
- /// tag by using a key-value pair.
+ /// use to identify and organize your Amazon Web Services resources. Each tag
+ /// consists of a key
and an optional value
. You
+ /// specify the certificate on input by its Amazon Resource Name (ARN). You
+ /// specify the tag by using a key-value pair.
///
/// You can apply a tag to just one certificate if you want to identify a
/// specific characteristic of that certificate, or you can apply the same tag
@@ -74,6 +78,7 @@ class ACM {
/// May throw [TooManyTagsException].
/// May throw [TagPolicyException].
/// May throw [InvalidParameterException].
+ /// May throw [ThrottlingException].
///
/// Parameter [certificateArn] :
/// String that contains the ARN of the ACM certificate to which the tag is to
@@ -83,7 +88,7 @@ class ACM {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
///
/// Parameter [tags] :
/// The key-value pair that defines the tag. The tag value is optional.
@@ -112,15 +117,18 @@ class ACM {
/// succeeds, the certificate no longer appears in the list that can be
/// displayed by calling the ListCertificates action or be retrieved by
/// calling the GetCertificate action. The certificate will not be
- /// available for use by AWS services integrated with ACM.
+ /// available for use by Amazon Web Services services integrated with ACM.
///
- /// You cannot delete an ACM certificate that is being used by another AWS
- /// service. To delete a certificate that is in use, the certificate
- /// association must first be removed.
+ /// You cannot delete an ACM certificate that is being used by another Amazon
+ /// Web Services service. To delete a certificate that is in use, the
+ /// certificate association must first be removed.
///
///
/// May throw [ResourceNotFoundException].
/// May throw [ResourceInUseException].
+ /// May throw [AccessDeniedException].
+ /// May throw [ThrottlingException].
+ /// May throw [ConflictException].
/// May throw [InvalidArnException].
///
/// Parameter [certificateArn] :
@@ -131,7 +139,7 @@ class ACM {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
Future deleteCertificate({
required String certificateArn,
}) async {
@@ -153,6 +161,10 @@ class ACM {
/// Returns detailed metadata about the specified ACM certificate.
///
+ /// If you have just created a certificate using the
+ /// RequestCertificate
action, there is a delay of several
+ /// seconds before you can retrieve information about it.
+ ///
/// May throw [ResourceNotFoundException].
/// May throw [InvalidArnException].
///
@@ -164,7 +176,7 @@ class ACM {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
Future describeCertificate({
required String certificateArn,
}) async {
@@ -208,9 +220,14 @@ class ACM {
/// arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
///
/// Parameter [passphrase] :
- /// Passphrase to associate with the encrypted exported private key. If you
- /// want to later decrypt the private key, you must have the passphrase. You
- /// can use the following OpenSSL command to decrypt a private key:
+ /// Passphrase to associate with the encrypted exported private key.
+ ///
+ /// When creating your passphrase, you can use any ASCII character except #,
+ /// $, or %.
+ ///
+ /// If you want to later decrypt the private key, you must have the
+ /// passphrase. You can use the following OpenSSL command to decrypt a private
+ /// key. After entering the command, you are prompted for the passphrase.
///
/// openssl rsa -in encrypted_key.pem -out decrypted_key.pem
Future exportCertificate({
@@ -236,6 +253,27 @@ class ACM {
return ExportCertificateResponse.fromJson(jsonResponse.body);
}
+ /// Returns the account configuration options associated with an Amazon Web
+ /// Services account.
+ ///
+ /// May throw [AccessDeniedException].
+ /// May throw [ThrottlingException].
+ Future getAccountConfiguration() async {
+ final headers = {
+ 'Content-Type': 'application/x-amz-json-1.1',
+ 'X-Amz-Target': 'CertificateManager.GetAccountConfiguration'
+ };
+ final jsonResponse = await _protocol.send(
+ method: 'POST',
+ requestUri: '/',
+ exceptionFnMap: _exceptionFns,
+ // TODO queryParams
+ headers: headers,
+ );
+
+ return GetAccountConfigurationResponse.fromJson(jsonResponse.body);
+ }
+
/// Retrieves an Amazon-issued certificate and its certificate chain. The
/// chain consists of the certificate of the issuing CA and the intermediate
/// certificates of any other subordinate CAs. All of the certificates are
@@ -254,7 +292,7 @@ class ACM {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
Future getCertificate({
required String certificateArn,
}) async {
@@ -276,8 +314,8 @@ class ACM {
return GetCertificateResponse.fromJson(jsonResponse.body);
}
- /// Imports a certificate into AWS Certificate Manager (ACM) to use with
- /// services that are integrated with ACM. Note that integrated
/// services allow only certificate types and keys they support to be
/// associated with their resources. Further, their support differs depending
@@ -285,7 +323,7 @@ class ACM {
/// information, see the documentation for each service. For more information
/// about importing certificates into ACM, see Importing
- /// Certificates in the AWS Certificate Manager User Guide.
+ /// Certificates in the Certificate Manager User Guide.
///
/// ACM does not provide managed
@@ -303,6 +341,9 @@ class ACM {
/// is protected by a password or a passphrase.
///
///
+ /// The private key must be no larger than 5 KB (5,120 bytes).
+ ///
+ ///
/// If the certificate you are importing is not self-signed, you must enter
/// its certificate chain.
///
@@ -326,14 +367,14 @@ class ACM {
///
/// To import a new certificate, omit the CertificateArn
/// argument. Include this argument only when you want to replace a previously
- /// imported certifica
+ /// imported certificate.
///
///
/// When you import a certificate by using the CLI, you must specify the
/// certificate, the certificate chain, and the private key by their file
- /// names preceded by file://
. For example, you can specify a
+ /// names preceded by fileb://
. For example, you can specify a
/// certificate saved in the C:\temp
folder as
- /// file://C:\temp\certificate_to_import.pem
. If you are making
+ /// fileb://C:\temp\certificate_to_import.pem
. If you are making
/// an HTTP or HTTPS Query request, include these arguments as BLOBs.
///
///
@@ -357,6 +398,7 @@ class ACM {
/// May throw [TooManyTagsException].
/// May throw [TagPolicyException].
/// May throw [InvalidParameterException].
+ /// May throw [InvalidArnException].
///
/// Parameter [certificate] :
/// The certificate to import.
@@ -414,6 +456,7 @@ class ACM {
/// Filters.
///
/// May throw [InvalidArgsException].
+ /// May throw [ValidationException].
///
/// Parameter [certificateStatuses] :
/// Filter the certificate list by status value.
@@ -433,11 +476,21 @@ class ACM {
/// Use this parameter only when paginating results and only in a subsequent
/// request after you receive a response with truncated results. Set it to the
/// value of NextToken
from the response you just received.
+ ///
+ /// Parameter [sortBy] :
+ /// Specifies the field to sort results by. If you specify
+ /// SortBy
, you must also specify SortOrder
.
+ ///
+ /// Parameter [sortOrder] :
+ /// Specifies the order of sorted results. If you specify
+ /// SortOrder
, you must also specify SortBy
.
Future listCertificates({
List? certificateStatuses,
Filters? includes,
int? maxItems,
String? nextToken,
+ SortBy? sortBy,
+ SortOrder? sortOrder,
}) async {
_s.validateNumRange(
'maxItems',
@@ -462,6 +515,8 @@ class ACM {
if (includes != null) 'Includes': includes,
if (maxItems != null) 'MaxItems': maxItems,
if (nextToken != null) 'NextToken': nextToken,
+ if (sortBy != null) 'SortBy': sortBy.toValue(),
+ if (sortOrder != null) 'SortOrder': sortOrder.toValue(),
},
);
@@ -484,7 +539,7 @@ class ACM {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
Future listTagsForCertificate({
required String certificateArn,
}) async {
@@ -506,6 +561,50 @@ class ACM {
return ListTagsForCertificateResponse.fromJson(jsonResponse.body);
}
+ /// Adds or modifies account-level configurations in ACM.
+ ///
+ /// The supported configuration option is DaysBeforeExpiry
. This
+ /// option specifies the number of days prior to certificate expiration when
+ /// ACM starts generating EventBridge
events. ACM sends one event
+ /// per day per certificate until the certificate expires. By default,
+ /// accounts receive events starting 45 days before certificate expiration.
+ ///
+ /// May throw [ValidationException].
+ /// May throw [ThrottlingException].
+ /// May throw [AccessDeniedException].
+ /// May throw [ConflictException].
+ ///
+ /// Parameter [idempotencyToken] :
+ /// Customer-chosen string used to distinguish between calls to
+ /// PutAccountConfiguration
. Idempotency tokens time out after
+ /// one hour. If you call PutAccountConfiguration
multiple times
+ /// with the same unexpired idempotency token, ACM treats it as the same
+ /// request and returns the original result. If you change the idempotency
+ /// token for each call, ACM treats each call as a new request.
+ ///
+ /// Parameter [expiryEvents] :
+ /// Specifies expiration events associated with an account.
+ Future putAccountConfiguration({
+ required String idempotencyToken,
+ ExpiryEventsConfiguration? expiryEvents,
+ }) async {
+ final headers = {
+ 'Content-Type': 'application/x-amz-json-1.1',
+ 'X-Amz-Target': 'CertificateManager.PutAccountConfiguration'
+ };
+ await _protocol.send(
+ method: 'POST',
+ requestUri: '/',
+ exceptionFnMap: _exceptionFns,
+ // TODO queryParams
+ headers: headers,
+ payload: {
+ 'IdempotencyToken': idempotencyToken,
+ if (expiryEvents != null) 'ExpiryEvents': expiryEvents,
+ },
+ );
+ }
+
/// Remove one or more tags from an ACM certificate. A tag consists of a
/// key-value pair. If you do not specify the value portion of the tag when
/// calling this function, the tag will be removed regardless of value. If you
@@ -521,6 +620,7 @@ class ACM {
/// May throw [InvalidTagException].
/// May throw [TagPolicyException].
/// May throw [InvalidParameterException].
+ /// May throw [ThrottlingException].
///
/// Parameter [certificateArn] :
/// String that contains the ARN of the ACM Certificate with one or more tags
@@ -530,7 +630,7 @@ class ACM {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
///
/// Parameter [tags] :
/// The key-value pair that defines the tag to remove.
@@ -555,10 +655,10 @@ class ACM {
);
}
- /// Renews an eligable ACM certificate. At this time, only exported private
+ /// Renews an eligible ACM certificate. At this time, only exported private
/// certificates can be renewed with this operation. In order to renew your
- /// ACM PCA certificates with ACM, you must first grant
+ /// Amazon Web Services Private CA certificates with ACM, you must first grant
/// the ACM service principal permission to do so. For more information,
/// see Testing
@@ -575,7 +675,7 @@ class ACM {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
Future renewCertificate({
required String certificateArn,
}) async {
@@ -595,10 +695,11 @@ class ACM {
);
}
- /// Requests an ACM certificate for use with other AWS services. To request an
- /// ACM certificate, you must specify a fully qualified domain name (FQDN) in
- /// the DomainName
parameter. You can also specify additional
- /// FQDNs in the SubjectAlternativeNames
parameter.
+ /// Requests an ACM certificate for use with other Amazon Web Services
+ /// services. To request an ACM certificate, you must specify a fully
+ /// qualified domain name (FQDN) in the DomainName
parameter. You
+ /// can also specify additional FQDNs in the
+ /// SubjectAlternativeNames
parameter.
///
/// If you are requesting a private certificate, domain validation is not
/// required. If you are requesting a public certificate, each domain name
@@ -609,6 +710,16 @@ class ACM {
/// href="https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html">email
/// validation. We recommend that you use DNS validation. ACM issues
/// public certificates after receiving approval from the domain owner.
+ ///
+ /// ACM behavior differs from the RFC
+ /// 6125 specification of the certificate validation process. ACM first
+ /// checks for a Subject Alternative Name, and, if it finds one, ignores the
+ /// common name (CN).
+ ///
+ /// After successful completion of the RequestCertificate
action,
+ /// there is a delay of several seconds before you can retrieve information
+ /// about the new certificate.
///
/// May throw [LimitExceededException].
/// May throw [InvalidDomainValidationOptionsException].
@@ -625,9 +736,12 @@ class ACM {
/// example, *.example.com protects www.example.com, site.example.com, and
/// images.example.com.
///
- /// The first domain name you enter cannot exceed 64 octets, including
- /// periods. Each subsequent Subject Alternative Name (SAN), however, can be
- /// up to 253 octets in length.
+ /// In compliance with RFC 5280, the
+ /// length of the domain name (technically, the Common Name) that you provide
+ /// cannot exceed 64 octets (characters), including periods. To add a longer
+ /// domain name, specify it in the Subject Alternative Name field, which
+ /// supports names up to 253 octets in length.
///
/// Parameter [certificateAuthorityArn] :
/// The Amazon Resource Name (ARN) of the private certificate authority (CA)
@@ -635,9 +749,9 @@ class ACM {
/// and you are trying to request a private certificate, ACM will attempt to
/// issue a public certificate. For more information about private CAs, see
/// the AWS
- /// Certificate Manager Private Certificate Authority (PCA) user guide.
- /// The ARN must have the following form:
+ /// href="https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html">Amazon
+ /// Web Services Private Certificate Authority user guide. The ARN must
+ /// have the following form:
///
/// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
///
@@ -654,6 +768,20 @@ class ACM {
/// change the idempotency token for each call, ACM recognizes that you are
/// requesting multiple certificates.
///
+ /// Parameter [keyAlgorithm] :
+ /// Specifies the algorithm of the public and private key pair that your
+ /// certificate uses to encrypt data. RSA is the default key algorithm for ACM
+ /// certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are
+ /// smaller, offering security comparable to RSA keys but with greater
+ /// computing efficiency. However, ECDSA is not supported by all network
+ /// clients. Some AWS services may require RSA keys, or only support ECDSA
+ /// keys of a particular size, while others allow the use of either RSA and
+ /// ECDSA keys to ensure that compatibility is not broken. Check the
+ /// requirements for the AWS service where you plan to deploy your
+ /// certificate.
+ ///
+ /// Default: RSA_2048
+ ///
/// Parameter [options] :
/// Currently, you can use this parameter to specify whether to add the
/// certificate to a certificate transparency log. Certificate transparency
@@ -710,6 +838,7 @@ class ACM {
String? certificateAuthorityArn,
List? domainValidationOptions,
String? idempotencyToken,
+ KeyAlgorithm? keyAlgorithm,
CertificateOptions? options,
List? subjectAlternativeNames,
List? tags,
@@ -732,6 +861,7 @@ class ACM {
if (domainValidationOptions != null)
'DomainValidationOptions': domainValidationOptions,
if (idempotencyToken != null) 'IdempotencyToken': idempotencyToken,
+ if (keyAlgorithm != null) 'KeyAlgorithm': keyAlgorithm.toValue(),
if (options != null) 'Options': options,
if (subjectAlternativeNames != null)
'SubjectAlternativeNames': subjectAlternativeNames,
@@ -877,18 +1007,17 @@ class CertificateDetail {
/// The Amazon Resource Name (ARN) of the certificate. For more information
/// about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces in the AWS General
+ /// Resource Names (ARNs) in the Amazon Web Services General
/// Reference.
final String? certificateArn;
- /// The Amazon Resource Name (ARN) of the ACM PCA private certificate authority
- /// (CA) that issued the certificate. This has the following format:
+ /// The Amazon Resource Name (ARN) of the private certificate authority (CA)
+ /// that issued the certificate. This has the following format:
///
/// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
final String? certificateAuthorityArn;
- /// The time at which the certificate was requested. This value exists only when
- /// the certificate type is AMAZON_ISSUED
.
+ /// The time at which the certificate was requested.
final DateTime? createdAt;
/// The fully qualified domain name for the certificate, such as www.example.com
@@ -908,15 +1037,16 @@ class CertificateDetail {
/// The reason the certificate request failed. This value exists only when the
/// certificate status is FAILED
. For more information, see Certificate
- /// Request Failed in the AWS Certificate Manager User Guide.
+ /// Request Failed in the Certificate Manager User Guide.
final FailureReason? failureReason;
- /// The date and time at which the certificate was imported. This value exists
- /// only when the certificate type is IMPORTED
.
+ /// The date and time when the certificate was imported. This value exists only
+ /// when the certificate type is IMPORTED
.
final DateTime? importedAt;
- /// A list of ARNs for the AWS resources that are using the certificate. A
- /// certificate can be used by multiple AWS resources.
+ /// A list of ARNs for the Amazon Web Services resources that are using the
+ /// certificate. A certificate can be used by multiple Amazon Web Services
+ /// resources.
final List? inUseBy;
/// The time at which the certificate was issued. This value exists only when
@@ -975,6 +1105,18 @@ class CertificateDetail {
final String? signatureAlgorithm;
/// The status of the certificate.
+ ///
+ /// A certificate enters status PENDING_VALIDATION upon being requested, unless
+ /// it fails for any of the reasons given in the troubleshooting topic Certificate
+ /// request fails. ACM makes repeated attempts to validate a certificate for
+ /// 72 hours and then times out. If a certificate shows status FAILED or
+ /// VALIDATION_TIMED_OUT, delete the request, correct the issue with DNS
+ /// validation or Email
+ /// validation, and try again. If validation succeeds, the certificate
+ /// enters status ISSUED.
final CertificateStatus? status;
/// The name of the entity that is associated with the public key contained in
@@ -997,7 +1139,7 @@ class CertificateDetail {
/// differences between certificates that you import and those that ACM
/// provides, see Importing
- /// Certificates in the AWS Certificate Manager User Guide.
+ /// Certificates in the Certificate Manager User Guide.
final CertificateType? type;
CertificateDetail({
@@ -1028,6 +1170,7 @@ class CertificateDetail {
this.subjectAlternativeNames,
this.type,
});
+
factory CertificateDetail.fromJson(Map json) {
return CertificateDetail(
certificateArn: json['CertificateArn'] as String?,
@@ -1100,6 +1243,7 @@ class CertificateOptions {
CertificateOptions({
this.certificateTransparencyLoggingPreference,
});
+
factory CertificateOptions.fromJson(Map json) {
return CertificateOptions(
certificateTransparencyLoggingPreference:
@@ -1181,21 +1325,165 @@ class CertificateSummary {
///
/// For more information about ARNs, see Amazon
- /// Resource Names (ARNs) and AWS Service Namespaces.
+ /// Resource Names (ARNs).
final String? certificateArn;
+ /// The time at which the certificate was requested.
+ final DateTime? createdAt;
+
/// Fully qualified domain name (FQDN), such as www.example.com or example.com,
/// for the certificate.
final String? domainName;
+ /// Indicates whether the certificate has been exported. This value exists only
+ /// when the certificate type is PRIVATE
.
+ final bool? exported;
+
+ /// Contains a list of Extended Key Usage X.509 v3 extension objects. Each
+ /// object specifies a purpose for which the certificate public key can be used
+ /// and consists of a name and an object identifier (OID).
+ final List? extendedKeyUsages;
+
+ /// When called by ListCertificates,
+ /// indicates whether the full list of subject alternative names has been
+ /// included in the response. If false, the response includes all of the subject
+ /// alternative names included in the certificate. If true, the response only
+ /// includes the first 100 subject alternative names included in the
+ /// certificate. To display the full list of subject alternative names, use DescribeCertificate.
+ final bool? hasAdditionalSubjectAlternativeNames;
+
+ /// The date and time when the certificate was imported. This value exists only
+ /// when the certificate type is IMPORTED
.
+ final DateTime? importedAt;
+
+ /// Indicates whether the certificate is currently in use by any Amazon Web
+ /// Services resources.
+ final bool? inUse;
+
+ /// The time at which the certificate was issued. This value exists only when
+ /// the certificate type is AMAZON_ISSUED
.
+ final DateTime? issuedAt;
+
+ /// The algorithm that was used to generate the public-private key pair.
+ final KeyAlgorithm? keyAlgorithm;
+
+ /// A list of Key Usage X.509 v3 extension objects. Each object is a string
+ /// value that identifies the purpose of the public key contained in the
+ /// certificate. Possible extension values include DIGITAL_SIGNATURE,
+ /// KEY_ENCHIPHERMENT, NON_REPUDIATION, and more.
+ final List? keyUsages;
+
+ /// The time after which the certificate is not valid.
+ final DateTime? notAfter;
+
+ /// The time before which the certificate is not valid.
+ final DateTime? notBefore;
+
+ /// Specifies whether the certificate is eligible for renewal. At this time,
+ /// only exported private certificates can be renewed with the
+ /// RenewCertificate command.
+ final RenewalEligibility? renewalEligibility;
+
+ /// The time at which the certificate was revoked. This value exists only when
+ /// the certificate status is REVOKED
.
+ final DateTime? revokedAt;
+
+ /// The status of the certificate.
+ ///
+ /// A certificate enters status PENDING_VALIDATION upon being requested, unless
+ /// it fails for any of the reasons given in the troubleshooting topic Certificate
+ /// request fails. ACM makes repeated attempts to validate a certificate for
+ /// 72 hours and then times out. If a certificate shows status FAILED or
+ /// VALIDATION_TIMED_OUT, delete the request, correct the issue with DNS
+ /// validation or Email
+ /// validation, and try again. If validation succeeds, the certificate
+ /// enters status ISSUED.
+ final CertificateStatus? status;
+
+ /// One or more domain names (subject alternative names) included in the
+ /// certificate. This list contains the domain names that are bound to the
+ /// public key that is contained in the certificate. The subject alternative
+ /// names include the canonical domain name (CN) of the certificate and
+ /// additional domain names that can be used to connect to the website.
+ ///
+ /// When called by ListCertificates,
+ /// this parameter will only return the first 100 subject alternative names
+ /// included in the certificate. To display the full list of subject alternative
+ /// names, use DescribeCertificate.
+ final List? subjectAlternativeNameSummaries;
+
+ /// The source of the certificate. For certificates provided by ACM, this value
+ /// is AMAZON_ISSUED
. For certificates that you imported with
+ /// ImportCertificate, this value is IMPORTED
. ACM does not
+ /// provide managed
+ /// renewal for imported certificates. For more information about the
+ /// differences between certificates that you import and those that ACM
+ /// provides, see Importing
+ /// Certificates in the Certificate Manager User Guide.
+ final CertificateType? type;
+
CertificateSummary({
this.certificateArn,
+ this.createdAt,
this.domainName,
+ this.exported,
+ this.extendedKeyUsages,
+ this.hasAdditionalSubjectAlternativeNames,
+ this.importedAt,
+ this.inUse,
+ this.issuedAt,
+ this.keyAlgorithm,
+ this.keyUsages,
+ this.notAfter,
+ this.notBefore,
+ this.renewalEligibility,
+ this.revokedAt,
+ this.status,
+ this.subjectAlternativeNameSummaries,
+ this.type,
});
+
factory CertificateSummary.fromJson(Map json) {
return CertificateSummary(
certificateArn: json['CertificateArn'] as String?,
+ createdAt: timeStampFromJson(json['CreatedAt']),
domainName: json['DomainName'] as String?,
+ exported: json['Exported'] as bool?,
+ extendedKeyUsages: (json['ExtendedKeyUsages'] as List?)
+ ?.whereNotNull()
+ .map((e) => (e as String).toExtendedKeyUsageName())
+ .toList(),
+ hasAdditionalSubjectAlternativeNames:
+ json['HasAdditionalSubjectAlternativeNames'] as bool?,
+ importedAt: timeStampFromJson(json['ImportedAt']),
+ inUse: json['InUse'] as bool?,
+ issuedAt: timeStampFromJson(json['IssuedAt']),
+ keyAlgorithm: (json['KeyAlgorithm'] as String?)?.toKeyAlgorithm(),
+ keyUsages: (json['KeyUsages'] as List?)
+ ?.whereNotNull()
+ .map((e) => (e as String).toKeyUsageName())
+ .toList(),
+ notAfter: timeStampFromJson(json['NotAfter']),
+ notBefore: timeStampFromJson(json['NotBefore']),
+ renewalEligibility:
+ (json['RenewalEligibility'] as String?)?.toRenewalEligibility(),
+ revokedAt: timeStampFromJson(json['RevokedAt']),
+ status: (json['Status'] as String?)?.toCertificateStatus(),
+ subjectAlternativeNameSummaries:
+ (json['SubjectAlternativeNameSummaries'] as List?)
+ ?.whereNotNull()
+ .map((e) => e as String)
+ .toList(),
+ type: (json['Type'] as String?)?.toCertificateType(),
);
}
}
@@ -1271,6 +1559,7 @@ class DescribeCertificateResponse {
DescribeCertificateResponse({
this.certificate,
});
+
factory DescribeCertificateResponse.fromJson(Map json) {
return DescribeCertificateResponse(
certificate: json['Certificate'] != null
@@ -1366,6 +1655,7 @@ class DomainValidation {
this.validationMethod,
this.validationStatus,
});
+
factory DomainValidation.fromJson(Map json) {
return DomainValidation(
domainName: json['DomainName'] as String,
@@ -1432,6 +1722,33 @@ class DomainValidationOption {
}
}
+/// Object containing expiration events options associated with an Amazon Web
+/// Services account.
+class ExpiryEventsConfiguration {
+ /// Specifies the number of days prior to certificate expiration when ACM starts
+ /// generating EventBridge
events. ACM sends one event per day per
+ /// certificate until the certificate expires. By default, accounts receive
+ /// events starting 45 days before certificate expiration.
+ final int? daysBeforeExpiry;
+
+ ExpiryEventsConfiguration({
+ this.daysBeforeExpiry,
+ });
+
+ factory ExpiryEventsConfiguration.fromJson(Map json) {
+ return ExpiryEventsConfiguration(
+ daysBeforeExpiry: json['DaysBeforeExpiry'] as int?,
+ );
+ }
+
+ Map