This commit is contained in:
ajayk 2019-06-26 20:11:49 -07:00
parent 56e6ff8e51
commit 659e364d65
10 changed files with 994 additions and 239 deletions

2
go.mod
View File

@ -16,7 +16,7 @@ require (
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
github.com/armon/go-radix v1.0.0 // indirect github.com/armon/go-radix v1.0.0 // indirect
github.com/aws/aws-sdk-go v1.20.4 github.com/aws/aws-sdk-go v1.20.10
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
github.com/blang/semver v3.5.1+incompatible github.com/blang/semver v3.5.1+incompatible
github.com/boltdb/bolt v1.3.1 // indirect github.com/boltdb/bolt v1.3.1 // indirect

4
go.sum
View File

@ -57,8 +57,8 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
github.com/aws/aws-sdk-go v1.16.36 h1:POeH34ZME++pr7GBGh+ZO6Y5kOwSMQpqp5BGUgooJ6k= github.com/aws/aws-sdk-go v1.16.36 h1:POeH34ZME++pr7GBGh+ZO6Y5kOwSMQpqp5BGUgooJ6k=
github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.20.4 h1:czX3oqFyqz/AELrK/tneNuyZgNIrWnyqP+iQXsQ32E0= github.com/aws/aws-sdk-go v1.20.10 h1:wrwdNYb9Xe1ahNEEXl0M/O/g/dmonWag1TFAKVNQulM=
github.com/aws/aws-sdk-go v1.20.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.10/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=

View File

@ -1179,6 +1179,7 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"ca-central-1": endpoint{}, "ca-central-1": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"sa-east-1": endpoint{}, "sa-east-1": endpoint{},
@ -1556,6 +1557,7 @@ var awsPartition = partition{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{}, "us-east-2": endpoint{},
@ -1831,12 +1833,6 @@ var awsPartition = partition{
"kms": service{ "kms": service{
Endpoints: endpoints{ Endpoints: endpoints{
"ProdFips": endpoint{
Hostname: "kms-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ca-central-1",
},
},
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
@ -2000,6 +1996,7 @@ var awsPartition = partition{
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"sa-east-1": endpoint{}, "sa-east-1": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
@ -2115,12 +2112,14 @@ var awsPartition = partition{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"ca-central-1": endpoint{}, "ca-central-1": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{}, "us-east-2": endpoint{},
"us-west-1": endpoint{}, "us-west-1": endpoint{},
@ -3416,6 +3415,7 @@ var awsPartition = partition{
"xray": service{ "xray": service{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
@ -3886,6 +3886,12 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{}, "cn-northwest-1": endpoint{},
}, },
}, },
"support": service{
Endpoints: endpoints{
"aws-cn-global": endpoint{},
},
},
"swf": service{ "swf": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -4090,6 +4096,12 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{}, "us-gov-west-1": endpoint{},
}, },
}, },
"datasync": service{
Endpoints: endpoints{
"us-gov-west-1": endpoint{},
},
},
"directconnect": service{ "directconnect": service{
Endpoints: endpoints{ Endpoints: endpoints{

View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go" const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK // SDKVersion is the version of this SDK
const SDKVersion = "1.20.4" const SDKVersion = "1.20.10"

File diff suppressed because it is too large Load Diff

View File

@ -3,7 +3,7 @@ AttributeValue Marshaling and Unmarshaling Helpers
Utility helpers to marshal and unmarshal AttributeValue to and Utility helpers to marshal and unmarshal AttributeValue to and
from Go types can be found in the dynamodbattribute sub package. This package from Go types can be found in the dynamodbattribute sub package. This package
provides has specialized functions for the common ways of working with provides specialized functions for the common ways of working with
AttributeValues. Such as map[string]*AttributeValue, []*AttributeValue, and AttributeValues. Such as map[string]*AttributeValue, []*AttributeValue, and
directly with *AttributeValue. This is helpful for marshaling Go types for API directly with *AttributeValue. This is helpful for marshaling Go types for API
operations such as PutItem, and unmarshaling Query and Scan APIs' responses. operations such as PutItem, and unmarshaling Query and Scan APIs' responses.

View File

@ -184,6 +184,8 @@ const (
// index (LSI) becomes too large, or a similar validation error occurs because // index (LSI) becomes too large, or a similar validation error occurs because
// of changes made by the transaction. // of changes made by the transaction.
// //
// * The aggregate size of the items in the transaction exceeds 4 MBs.
//
// * There is a user error, such as an invalid data format. // * There is a user error, such as an invalid data format.
// //
// DynamoDB cancels a TransactGetItems request under the following circumstances: // DynamoDB cancels a TransactGetItems request under the following circumstances:
@ -198,6 +200,8 @@ const (
// * There is insufficient provisioned capacity for the transaction to be // * There is insufficient provisioned capacity for the transaction to be
// completed. // completed.
// //
// * The aggregate size of the items in the transaction exceeds 4 MBs.
//
// * There is a user error, such as an invalid data format. // * There is a user error, such as an invalid data format.
// //
// If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons // If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons

View File

@ -5040,6 +5040,199 @@ func (c *IAM) GenerateCredentialReportWithContext(ctx aws.Context, input *Genera
return out, req.Send() return out, req.Send()
} }
const opGenerateOrganizationsAccessReport = "GenerateOrganizationsAccessReport"
// GenerateOrganizationsAccessReportRequest generates a "aws/request.Request" representing the
// client's request for the GenerateOrganizationsAccessReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateOrganizationsAccessReport for more information on using the GenerateOrganizationsAccessReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GenerateOrganizationsAccessReportRequest method.
// req, resp := client.GenerateOrganizationsAccessReportRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport
func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizationsAccessReportInput) (req *request.Request, output *GenerateOrganizationsAccessReportOutput) {
op := &request.Operation{
Name: opGenerateOrganizationsAccessReport,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &GenerateOrganizationsAccessReportInput{}
}
output = &GenerateOrganizationsAccessReportOutput{}
req = c.newRequest(op, input, output)
return
}
// GenerateOrganizationsAccessReport API operation for AWS Identity and Access Management.
//
// Generates a report for service last accessed data for AWS Organizations.
// You can generate a report for any entities (organization root, organizational
// unit, or account) or policies in your organization.
//
// To call this operation, you must be signed in using your AWS Organizations
// master account credentials. You can use your long-term IAM user or root user
// credentials, or temporary credentials from assuming an IAM role. SCPs must
// be enabled for your organization root. You must have the required IAM and
// AWS Organizations permissions. For more information, see Refining Permissions
// Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// You can generate a service last accessed data report for entities by specifying
// only the entity's path. This data includes a list of services that are allowed
// by any service control policies (SCPs) that apply to the entity.
//
// You can generate a service last accessed data report for a policy by specifying
// an entity's path and an optional AWS Organizations policy ID. This data includes
// a list of services that are allowed by the specified SCP.
//
// For each service in both report types, the data includes the most recent
// account activity that the policy allows to account principals in the entity
// or the entity's children. For important information about the data, reporting
// period, permissions required, troubleshooting, and supported Regions see
// Reducing Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// The data includes all attempts to access AWS, not just the successful ones.
// This includes all attempts that were made using the AWS Management Console,
// the AWS API through any of the SDKs, or any of the command line tools. An
// unexpected entry in the service last accessed data does not mean that an
// account has been compromised, because the request might have been denied.
// Refer to your CloudTrail logs as the authoritative source for information
// about all API calls and whether they were successful or denied access. For
// more information, see Logging IAM Events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide.
//
// This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport
// operation to check the status of the report generation. To check the status
// of this request, use the JobId parameter in the GetOrganizationsAccessReport
// operation and test the JobStatus response parameter. When the job is complete,
// you can retrieve the report.
//
// To generate a service last accessed data report for entities, specify an
// entity path without specifying the optional AWS Organizations policy ID.
// The type of entity that you specify determines the data returned in the report.
//
// * Root When you specify the organizations root as the entity, the
// resulting report lists all of the services allowed by SCPs that are attached
// to your root. For each service, the report includes data for all accounts
// in your organization except the master account, because the master account
// is not limited by SCPs.
//
// * OU When you specify an organizational unit (OU) as the entity, the
// resulting report lists all of the services allowed by SCPs that are attached
// to the OU and its parents. For each service, the report includes data
// for all accounts in the OU or its children. This data excludes the master
// account, because the master account is not limited by SCPs.
//
// * Master account When you specify the master account, the resulting
// report lists all AWS services, because the master account is not limited
// by SCPs. For each service, the report includes data for only the master
// account.
//
// * Account When you specify another account as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to
// the account and its parents. For each service, the report includes data
// for only the specified account.
//
// To generate a service last accessed data report for policies, specify an
// entity path and the optional AWS Organizations policy ID. The type of entity
// that you specify determines the data returned for each service.
//
// * Root When you specify the root entity and a policy ID, the resulting
// report lists all of the services that are allowed by the specified SCP.
// For each service, the report includes data for all accounts in your organization
// to which the SCP applies. This data excludes the master account, because
// the master account is not limited by SCPs. If the SCP is not attached
// to any entities in the organization, then the report will return a list
// of services with no data.
//
// * OU When you specify an OU entity and a policy ID, the resulting
// report lists all of the services that are allowed by the specified SCP.
// For each service, the report includes data for all accounts in the OU
// or its children to which the SCP applies. This means that other accounts
// outside the OU that are affected by the SCP might not be included in the
// data. This data excludes the master account, because the master account
// is not limited by SCPs. If the SCP is not attached to the OU or one of
// its children, the report will return a list of services with no data.
//
// * Master account When you specify the master account, the resulting
// report lists all AWS services, because the master account is not limited
// by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored.
// For each service, the report includes data for only the master account.
//
// * Account When you specify another account entity and a policy ID,
// the resulting report lists all of the services that are allowed by the
// specified SCP. For each service, the report includes data for only the
// specified account. This means that other accounts in the organization
// that are affected by the SCP might not be included in the data. If the
// SCP is not attached to the account, the report will return a list of services
// with no data.
//
// Service last accessed data does not use other policy types when determining
// whether a principal could access a service. These other policy types include
// identity-based policies, resource-based policies, access control lists, IAM
// permissions boundaries, and STS assume role policies. It only applies SCP
// logic. For more about the evaluation of policy types, see Evaluating Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide.
//
// For more information about service last accessed data, see Reducing Policy
// Scope by Viewing User Activity (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GenerateOrganizationsAccessReport for usage and error information.
//
// Returned Error Codes:
// * ErrCodeReportGenerationLimitExceededException "ReportGenerationLimitExceeded"
// The request failed because the maximum number of concurrent requests for
// this account are already running.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport
func (c *IAM) GenerateOrganizationsAccessReport(input *GenerateOrganizationsAccessReportInput) (*GenerateOrganizationsAccessReportOutput, error) {
req, out := c.GenerateOrganizationsAccessReportRequest(input)
return out, req.Send()
}
// GenerateOrganizationsAccessReportWithContext is the same as GenerateOrganizationsAccessReport with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateOrganizationsAccessReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GenerateOrganizationsAccessReportWithContext(ctx aws.Context, input *GenerateOrganizationsAccessReportInput, opts ...request.Option) (*GenerateOrganizationsAccessReportOutput, error) {
req, out := c.GenerateOrganizationsAccessReportRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opGenerateServiceLastAccessedDetails = "GenerateServiceLastAccessedDetails" const opGenerateServiceLastAccessedDetails = "GenerateServiceLastAccessedDetails"
// GenerateServiceLastAccessedDetailsRequest generates a "aws/request.Request" representing the // GenerateServiceLastAccessedDetailsRequest generates a "aws/request.Request" representing the
@ -5084,12 +5277,11 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa
// GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management. // GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management.
// //
// Generates a request for a report that includes details about when an IAM // Generates a report that includes details about when an IAM resource (user,
// resource (user, group, role, or policy) was last used in an attempt to access // group, role, or policy) was last used in an attempt to access AWS services.
// AWS services. Recent activity usually appears within four hours. IAM reports // Recent activity usually appears within four hours. IAM reports activity for
// activity for the last 365 days, or less if your Region began supporting this // the last 365 days, or less if your Region began supporting this feature within
// feature within the last year. For more information, see Regions Where Data // the last year. For more information, see Regions Where Data Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period).
// Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period).
// //
// The service last accessed data includes all attempts to access an AWS API, // The service last accessed data includes all attempts to access an AWS API,
// not just the successful ones. This includes all attempts that were made using // not just the successful ones. This includes all attempts that were made using
@ -6361,6 +6553,105 @@ func (c *IAM) GetOpenIDConnectProviderWithContext(ctx aws.Context, input *GetOpe
return out, req.Send() return out, req.Send()
} }
const opGetOrganizationsAccessReport = "GetOrganizationsAccessReport"
// GetOrganizationsAccessReportRequest generates a "aws/request.Request" representing the
// client's request for the GetOrganizationsAccessReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetOrganizationsAccessReport for more information on using the GetOrganizationsAccessReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GetOrganizationsAccessReportRequest method.
// req, resp := client.GetOrganizationsAccessReportRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport
func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessReportInput) (req *request.Request, output *GetOrganizationsAccessReportOutput) {
op := &request.Operation{
Name: opGetOrganizationsAccessReport,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &GetOrganizationsAccessReportInput{}
}
output = &GetOrganizationsAccessReportOutput{}
req = c.newRequest(op, input, output)
return
}
// GetOrganizationsAccessReport API operation for AWS Identity and Access Management.
//
// Retrieves the service last accessed data report for AWS Organizations that
// was previously generated using the GenerateOrganizationsAccessReport operation.
// This operation retrieves the status of your report job and the report contents.
//
// Depending on the parameters that you passed when you generated the report,
// the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
//
// To call this operation, you must be signed in to the master account in your
// organization. SCPs must be enabled for your organization root. You must have
// permissions to perform this operation. For more information, see Refining
// Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// For each service that principals in an account (root users, IAM users, or
// IAM roles) could access using SCPs, the operation returns details about the
// most recent access attempt. If there was no attempt, the service is listed
// without details about the most recent attempt to access the service. If the
// operation fails, it returns the reason that it failed.
//
// By default, the list is sorted by service namespace.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetOrganizationsAccessReport for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNoSuchEntityException "NoSuchEntity"
// The request was rejected because it referenced a resource entity that does
// not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport
func (c *IAM) GetOrganizationsAccessReport(input *GetOrganizationsAccessReportInput) (*GetOrganizationsAccessReportOutput, error) {
req, out := c.GetOrganizationsAccessReportRequest(input)
return out, req.Send()
}
// GetOrganizationsAccessReportWithContext is the same as GetOrganizationsAccessReport with the addition of
// the ability to pass a context and additional request options.
//
// See GetOrganizationsAccessReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetOrganizationsAccessReportWithContext(ctx aws.Context, input *GetOrganizationsAccessReportInput, opts ...request.Option) (*GetOrganizationsAccessReportOutput, error) {
req, out := c.GetOrganizationsAccessReportRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opGetPolicy = "GetPolicy" const opGetPolicy = "GetPolicy"
// GetPolicyRequest generates a "aws/request.Request" representing the // GetPolicyRequest generates a "aws/request.Request" representing the
@ -7080,10 +7371,11 @@ func (c *IAM) GetServiceLastAccessedDetailsRequest(input *GetServiceLastAccessed
// GetServiceLastAccessedDetails API operation for AWS Identity and Access Management. // GetServiceLastAccessedDetails API operation for AWS Identity and Access Management.
// //
// After you generate a user, group, role, or policy report using the GenerateServiceLastAccessedDetails // Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails
// operation, you can use the JobId parameter in GetServiceLastAccessedDetails. // operation. You can use the JobId parameter in GetServiceLastAccessedDetails
// This operation retrieves the status of your report job and a list of AWS // to retrieve the status of your report job. When the report is complete, you
// services that the resource (user, group, role, or managed policy) can access. // can retrieve the generated report. The report includes a list of AWS services
// that the resource (user, group, role, or managed policy) can access.
// //
// Service last accessed data does not use other policy types when determining // Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include // whether a resource could access a service. These other policy types include
@ -15036,6 +15328,108 @@ func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *Upload
return out, req.Send() return out, req.Send()
} }
// An object that contains details about when a principal in the reported AWS
// Organizations entity last attempted to access an AWS service. A principal
// can be an IAM user, an IAM role, or the AWS account root user within the
// reported Organizations entity.
//
// This data type is a response element in the GetOrganizationsAccessReport
// operation.
type AccessDetail struct {
_ struct{} `type:"structure"`
// The path of the Organizations entity (root, organizational unit, or account)
// from which an authenticated principal last attempted to access the service.
// AWS does not report unauthenticated requests.
//
// This field is null if no principals (IAM users, IAM roles, or root users)
// in the reported Organizations entity attempted to access the service within
// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
EntityPath *string `min:"19" type:"string"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when an authenticated principal most recently attempted to access the service.
// AWS does not report unauthenticated requests.
//
// This field is null if no principals in the reported Organizations entity
// attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
LastAuthenticatedTime *time.Time `type:"timestamp"`
// The Region where the last service access attempt occurred.
//
// This field is null if no principals in the reported Organizations entity
// attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
Region *string `type:"string"`
// The name of the service in which access was attempted.
//
// ServiceName is a required field
ServiceName *string `type:"string" required:"true"`
// The namespace of the service in which access was attempted.
//
// To learn the service namespace of a service, go to Actions, Resources, and
// Condition Keys for AWS Services (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html)
// in the IAM User Guide. Choose the name of the service to view details for
// that service. In the first paragraph, find the service prefix. For example,
// (service prefix: a4b). For more information about service namespaces, see
// AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
// in the AWS General Reference.
//
// ServiceNamespace is a required field
ServiceNamespace *string `min:"1" type:"string" required:"true"`
// The number of accounts with authenticated principals (root users, IAM users,
// and IAM roles) that attempted to access the service in the reporting period.
TotalAuthenticatedEntities *int64 `type:"integer"`
}
// String returns the string representation
func (s AccessDetail) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s AccessDetail) GoString() string {
return s.String()
}
// SetEntityPath sets the EntityPath field's value.
func (s *AccessDetail) SetEntityPath(v string) *AccessDetail {
s.EntityPath = &v
return s
}
// SetLastAuthenticatedTime sets the LastAuthenticatedTime field's value.
func (s *AccessDetail) SetLastAuthenticatedTime(v time.Time) *AccessDetail {
s.LastAuthenticatedTime = &v
return s
}
// SetRegion sets the Region field's value.
func (s *AccessDetail) SetRegion(v string) *AccessDetail {
s.Region = &v
return s
}
// SetServiceName sets the ServiceName field's value.
func (s *AccessDetail) SetServiceName(v string) *AccessDetail {
s.ServiceName = &v
return s
}
// SetServiceNamespace sets the ServiceNamespace field's value.
func (s *AccessDetail) SetServiceNamespace(v string) *AccessDetail {
s.ServiceNamespace = &v
return s
}
// SetTotalAuthenticatedEntities sets the TotalAuthenticatedEntities field's value.
func (s *AccessDetail) SetTotalAuthenticatedEntities(v int64) *AccessDetail {
s.TotalAuthenticatedEntities = &v
return s
}
// Contains information about an AWS access key. // Contains information about an AWS access key.
// //
// This data type is used as a response element in the CreateAccessKey and ListAccessKeys // This data type is used as a response element in the CreateAccessKey and ListAccessKeys
@ -15130,12 +15524,12 @@ type AccessKeyLastUsed struct {
// * An access key exists but has not been used since IAM began tracking // * An access key exists but has not been used since IAM began tracking
// this information. // this information.
// //
// * There is no sign-in data associated with the user // * There is no sign-in data associated with the user.
// //
// LastUsedDate is a required field // LastUsedDate is a required field
LastUsedDate *time.Time `type:"timestamp" required:"true"` LastUsedDate *time.Time `type:"timestamp" required:"true"`
// The AWS region where this access key was most recently used. The value for // The AWS Region where this access key was most recently used. The value for
// this field is "N/A" in the following situations: // this field is "N/A" in the following situations:
// //
// * The user does not have an access key. // * The user does not have an access key.
@ -15143,9 +15537,9 @@ type AccessKeyLastUsed struct {
// * An access key exists but has not been used since IAM began tracking // * An access key exists but has not been used since IAM began tracking
// this information. // this information.
// //
// * There is no sign-in data associated with the user // * There is no sign-in data associated with the user.
// //
// For more information about AWS regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) // For more information about AWS Regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html)
// in the Amazon Web Services General Reference. // in the Amazon Web Services General Reference.
// //
// Region is a required field // Region is a required field
@ -15159,7 +15553,7 @@ type AccessKeyLastUsed struct {
// * An access key exists but has not been used since IAM started tracking // * An access key exists but has not been used since IAM started tracking
// this information. // this information.
// //
// * There is no sign-in data associated with the user // * There is no sign-in data associated with the user.
// //
// ServiceName is a required field // ServiceName is a required field
ServiceName *string `type:"string" required:"true"` ServiceName *string `type:"string" required:"true"`
@ -16778,7 +17172,7 @@ type CreateRoleInput struct {
// The trust relationship policy document that grants an entity permission to // The trust relationship policy document that grants an entity permission to
// assume the role. // assume the role.
// //
// in IAM, you must provide a JSON policy that has been converted to a string. // In IAM, you must provide a JSON policy that has been converted to a string.
// However, for AWS CloudFormation templates formatted in YAML, you can provide // However, for AWS CloudFormation templates formatted in YAML, you can provide
// the policy in JSON or YAML format. AWS CloudFormation always converts a YAML // the policy in JSON or YAML format. AWS CloudFormation always converts a YAML
// policy to JSON format before submitting it to IAM. // policy to JSON format before submitting it to IAM.
@ -19072,7 +19466,7 @@ type DeletionTaskFailureReasonType struct {
// role has active sessions or if any resources that were used by the role have // role has active sessions or if any resources that were used by the role have
// not been deleted from the linked service, the role can't be deleted. This // not been deleted from the linked service, the role can't be deleted. This
// parameter includes a list of the resources that are associated with the role // parameter includes a list of the resources that are associated with the role
// and the region in which the resources are being used. // and the Region in which the resources are being used.
RoleUsageList []*RoleUsageType `type:"list"` RoleUsageList []*RoleUsageType `type:"list"`
} }
@ -19593,8 +19987,9 @@ func (s *EntityInfo) SetType(v string) *EntityInfo {
// Contains information about the reason that the operation failed. // Contains information about the reason that the operation failed.
// //
// This data type is used as a response element in the GetServiceLastAccessedDetails // This data type is used as a response element in the GetOrganizationsAccessReport,
// operation and the GetServiceLastAccessedDetailsWithEntities operation. // GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities
// operations.
type ErrorDetails struct { type ErrorDetails struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
@ -19675,7 +20070,7 @@ type EvaluationResult struct {
// call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy. // call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
MissingContextValues []*string `type:"list"` MissingContextValues []*string `type:"list"`
// A structure that details how AWS Organizations and its service control policies // A structure that details how Organizations and its service control policies
// affect the results of the simulation. Only applies if the simulated user's // affect the results of the simulation. Only applies if the simulated user's
// account is part of an organization. // account is part of an organization.
OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"` OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"`
@ -19790,6 +20185,87 @@ func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialR
return s return s
} }
type GenerateOrganizationsAccessReportInput struct {
_ struct{} `type:"structure"`
// The path of the AWS Organizations entity (root, OU, or account). You can
// build an entity path using the known structure of your organization. For
// example, assume that your account ID is 123456789012 and its parent OU ID
// is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and
// your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
//
// EntityPath is a required field
EntityPath *string `min:"19" type:"string" required:"true"`
// The identifier of the AWS Organizations service control policy (SCP). This
// parameter is optional.
//
// This ID is used to generate information about when an account principal that
// is limited by the SCP attempted to access an AWS service.
OrganizationsPolicyId *string `type:"string"`
}
// String returns the string representation
func (s GenerateOrganizationsAccessReportInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GenerateOrganizationsAccessReportInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *GenerateOrganizationsAccessReportInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "GenerateOrganizationsAccessReportInput"}
if s.EntityPath == nil {
invalidParams.Add(request.NewErrParamRequired("EntityPath"))
}
if s.EntityPath != nil && len(*s.EntityPath) < 19 {
invalidParams.Add(request.NewErrParamMinLen("EntityPath", 19))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetEntityPath sets the EntityPath field's value.
func (s *GenerateOrganizationsAccessReportInput) SetEntityPath(v string) *GenerateOrganizationsAccessReportInput {
s.EntityPath = &v
return s
}
// SetOrganizationsPolicyId sets the OrganizationsPolicyId field's value.
func (s *GenerateOrganizationsAccessReportInput) SetOrganizationsPolicyId(v string) *GenerateOrganizationsAccessReportInput {
s.OrganizationsPolicyId = &v
return s
}
type GenerateOrganizationsAccessReportOutput struct {
_ struct{} `type:"structure"`
// The job identifier that you can use in the GetOrganizationsAccessReport operation.
JobId *string `min:"36" type:"string"`
}
// String returns the string representation
func (s GenerateOrganizationsAccessReportOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GenerateOrganizationsAccessReportOutput) GoString() string {
return s.String()
}
// SetJobId sets the JobId field's value.
func (s *GenerateOrganizationsAccessReportOutput) SetJobId(v string) *GenerateOrganizationsAccessReportOutput {
s.JobId = &v
return s
}
type GenerateServiceLastAccessedDetailsInput struct { type GenerateServiceLastAccessedDetailsInput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
@ -20878,6 +21354,211 @@ func (s *GetOpenIDConnectProviderOutput) SetUrl(v string) *GetOpenIDConnectProvi
return s return s
} }
type GetOrganizationsAccessReportInput struct {
_ struct{} `type:"structure"`
// The identifier of the request generated by the GenerateOrganizationsAccessReport
// operation.
//
// JobId is a required field
JobId *string `min:"36" type:"string" required:"true"`
// Use this parameter only when paginating results and only after you receive
// a response indicating that the results are truncated. Set it to the value
// of the Marker element in the response that you received to indicate where
// the next call should start.
Marker *string `min:"1" type:"string"`
// Use this only when paginating results to indicate the maximum number of items
// you want in the response. If additional items exist beyond the maximum you
// specify, the IsTruncated response element is true.
//
// If you do not include this parameter, the number of items defaults to 100.
// Note that IAM might return fewer results, even when there are more results
// available. In that case, the IsTruncated response element returns true, and
// Marker contains a value to include in the subsequent call that tells the
// service where to continue from.
MaxItems *int64 `min:"1" type:"integer"`
// The key that is used to sort the results. If you choose the namespace key,
// the results are returned in alphabetical order. If you choose the time key,
// the results are sorted numerically by the date and time.
SortKey *string `type:"string" enum:"sortKeyType"`
}
// String returns the string representation
func (s GetOrganizationsAccessReportInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GetOrganizationsAccessReportInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *GetOrganizationsAccessReportInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "GetOrganizationsAccessReportInput"}
if s.JobId == nil {
invalidParams.Add(request.NewErrParamRequired("JobId"))
}
if s.JobId != nil && len(*s.JobId) < 36 {
invalidParams.Add(request.NewErrParamMinLen("JobId", 36))
}
if s.Marker != nil && len(*s.Marker) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
}
if s.MaxItems != nil && *s.MaxItems < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetJobId sets the JobId field's value.
func (s *GetOrganizationsAccessReportInput) SetJobId(v string) *GetOrganizationsAccessReportInput {
s.JobId = &v
return s
}
// SetMarker sets the Marker field's value.
func (s *GetOrganizationsAccessReportInput) SetMarker(v string) *GetOrganizationsAccessReportInput {
s.Marker = &v
return s
}
// SetMaxItems sets the MaxItems field's value.
func (s *GetOrganizationsAccessReportInput) SetMaxItems(v int64) *GetOrganizationsAccessReportInput {
s.MaxItems = &v
return s
}
// SetSortKey sets the SortKey field's value.
func (s *GetOrganizationsAccessReportInput) SetSortKey(v string) *GetOrganizationsAccessReportInput {
s.SortKey = &v
return s
}
type GetOrganizationsAccessReportOutput struct {
_ struct{} `type:"structure"`
// An object that contains details about the most recent attempt to access the
// service.
AccessDetails []*AccessDetail `type:"list"`
// Contains information about the reason that the operation failed.
//
// This data type is used as a response element in the GetOrganizationsAccessReport,
// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities
// operations.
ErrorDetails *ErrorDetails `type:"structure"`
// A flag that indicates whether there are more items to return. If your results
// were truncated, you can make a subsequent pagination request using the Marker
// request parameter to retrieve more items. Note that IAM might return fewer
// than the MaxItems number of results even when there are more results available.
// We recommend that you check IsTruncated after every call to ensure that you
// receive all your results.
IsTruncated *bool `type:"boolean"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the generated report job was completed or failed.
//
// This field is null if the job is still in progress, as indicated by a job
// status value of IN_PROGRESS.
JobCompletionDate *time.Time `type:"timestamp"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the report job was created.
//
// JobCreationDate is a required field
JobCreationDate *time.Time `type:"timestamp" required:"true"`
// The status of the job.
//
// JobStatus is a required field
JobStatus *string `type:"string" required:"true" enum:"jobStatusType"`
// When IsTruncated is true, this element is present and contains the value
// to use for the Marker parameter in a subsequent pagination request.
Marker *string `min:"1" type:"string"`
// The number of services that the applicable SCPs allow account principals
// to access.
NumberOfServicesAccessible *int64 `type:"integer"`
// The number of services that account principals are allowed but did not attempt
// to access.
NumberOfServicesNotAccessed *int64 `type:"integer"`
}
// String returns the string representation
func (s GetOrganizationsAccessReportOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GetOrganizationsAccessReportOutput) GoString() string {
return s.String()
}
// SetAccessDetails sets the AccessDetails field's value.
func (s *GetOrganizationsAccessReportOutput) SetAccessDetails(v []*AccessDetail) *GetOrganizationsAccessReportOutput {
s.AccessDetails = v
return s
}
// SetErrorDetails sets the ErrorDetails field's value.
func (s *GetOrganizationsAccessReportOutput) SetErrorDetails(v *ErrorDetails) *GetOrganizationsAccessReportOutput {
s.ErrorDetails = v
return s
}
// SetIsTruncated sets the IsTruncated field's value.
func (s *GetOrganizationsAccessReportOutput) SetIsTruncated(v bool) *GetOrganizationsAccessReportOutput {
s.IsTruncated = &v
return s
}
// SetJobCompletionDate sets the JobCompletionDate field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobCompletionDate(v time.Time) *GetOrganizationsAccessReportOutput {
s.JobCompletionDate = &v
return s
}
// SetJobCreationDate sets the JobCreationDate field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobCreationDate(v time.Time) *GetOrganizationsAccessReportOutput {
s.JobCreationDate = &v
return s
}
// SetJobStatus sets the JobStatus field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobStatus(v string) *GetOrganizationsAccessReportOutput {
s.JobStatus = &v
return s
}
// SetMarker sets the Marker field's value.
func (s *GetOrganizationsAccessReportOutput) SetMarker(v string) *GetOrganizationsAccessReportOutput {
s.Marker = &v
return s
}
// SetNumberOfServicesAccessible sets the NumberOfServicesAccessible field's value.
func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesAccessible(v int64) *GetOrganizationsAccessReportOutput {
s.NumberOfServicesAccessible = &v
return s
}
// SetNumberOfServicesNotAccessed sets the NumberOfServicesNotAccessed field's value.
func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesNotAccessed(v int64) *GetOrganizationsAccessReportOutput {
s.NumberOfServicesNotAccessed = &v
return s
}
type GetPolicyInput struct { type GetPolicyInput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
@ -21585,8 +22266,8 @@ type GetServiceLastAccessedDetailsOutput struct {
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the generated report job was completed or failed. // when the generated report job was completed or failed.
// //
// This field is null if the job is still in progress, as indicated by a JobStatus // This field is null if the job is still in progress, as indicated by a job
// value of IN_PROGRESS. // status value of IN_PROGRESS.
// //
// JobCompletionDate is a required field // JobCompletionDate is a required field
JobCompletionDate *time.Time `type:"timestamp" required:"true"` JobCompletionDate *time.Time `type:"timestamp" required:"true"`
@ -21792,6 +22473,9 @@ type GetServiceLastAccessedDetailsWithEntitiesOutput struct {
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the generated report job was completed or failed. // when the generated report job was completed or failed.
// //
// This field is null if the job is still in progress, as indicated by a job
// status value of IN_PROGRESS.
//
// JobCompletionDate is a required field // JobCompletionDate is a required field
JobCompletionDate *time.Time `type:"timestamp" required:"true"` JobCompletionDate *time.Time `type:"timestamp" required:"true"`
@ -26271,11 +26955,12 @@ func (s *OpenIDConnectProviderListEntry) SetArn(v string) *OpenIDConnectProvider
return s return s
} }
// Contains information about AWS Organizations's effect on a policy simulation. // Contains information about the effect that Organizations has on a policy
// simulation.
type OrganizationsDecisionDetail struct { type OrganizationsDecisionDetail struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// Specifies whether the simulated operation is allowed by the AWS Organizations // Specifies whether the simulated operation is allowed by the Organizations
// service control policies that impact the simulated user's account. // service control policies that impact the simulated user's account.
AllowedByOrganizations *bool `type:"boolean"` AllowedByOrganizations *bool `type:"boolean"`
} }
@ -26914,7 +27599,9 @@ type PutGroupPolicyInput struct {
// The name of the group to associate the policy with. // The name of the group to associate the policy with.
// //
// ®ex-name;. // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-.
// //
// GroupName is a required field // GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"` GroupName *string `min:"1" type:"string" required:"true"`
@ -28201,7 +28888,7 @@ func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail {
type RoleUsageType struct { type RoleUsageType struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The name of the region where the service-linked role is being used. // The name of the Region where the service-linked role is being used.
Region *string `min:"1" type:"string"` Region *string `min:"1" type:"string"`
// The name of the resource that is using the service-linked role. // The name of the resource that is using the service-linked role.
@ -28599,10 +29286,10 @@ type ServiceLastAccessed struct {
// ServiceNamespace is a required field // ServiceNamespace is a required field
ServiceNamespace *string `min:"1" type:"string" required:"true"` ServiceNamespace *string `min:"1" type:"string" required:"true"`
// The total number of authenticated entities that have attempted to access // The total number of authenticated principals (root user, IAM users, or IAM
// the service. // roles) that have attempted to access the service.
// //
// This field is null if no IAM entities attempted to access the service within // This field is null if no principals attempted to access the service within
// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
TotalAuthenticatedEntities *int64 `type:"integer"` TotalAuthenticatedEntities *int64 `type:"integer"`
} }
@ -29379,7 +30066,7 @@ type SimulatePrincipalPolicyInput struct {
CallerArn *string `min:"1" type:"string"` CallerArn *string `min:"1" type:"string"`
// A list of context keys and corresponding values for the simulation to use. // A list of context keys and corresponding values for the simulation to use.
// Whenever a context key is evaluated in one of the simulated IAM permission // Whenever a context key is evaluated in one of the simulated IAM permissions
// policies, the corresponding value is supplied. // policies, the corresponding value is supplied.
ContextEntries []*ContextEntry `type:"list"` ContextEntries []*ContextEntry `type:"list"`
@ -32334,6 +33021,20 @@ const (
PolicyTypeManaged = "MANAGED" PolicyTypeManaged = "MANAGED"
) )
const (
// SortKeyTypeServiceNamespaceAscending is a sortKeyType enum value
SortKeyTypeServiceNamespaceAscending = "SERVICE_NAMESPACE_ASCENDING"
// SortKeyTypeServiceNamespaceDescending is a sortKeyType enum value
SortKeyTypeServiceNamespaceDescending = "SERVICE_NAMESPACE_DESCENDING"
// SortKeyTypeLastAuthenticatedTimeAscending is a sortKeyType enum value
SortKeyTypeLastAuthenticatedTimeAscending = "LAST_AUTHENTICATED_TIME_ASCENDING"
// SortKeyTypeLastAuthenticatedTimeDescending is a sortKeyType enum value
SortKeyTypeLastAuthenticatedTimeDescending = "LAST_AUTHENTICATED_TIME_DESCENDING"
)
const ( const (
// StatusTypeActive is a statusType enum value // StatusTypeActive is a statusType enum value
StatusTypeActive = "Active" StatusTypeActive = "Active"

View File

@ -162,6 +162,13 @@ const (
// to the service-linked role for that service. // to the service-linked role for that service.
ErrCodePolicyNotAttachableException = "PolicyNotAttachable" ErrCodePolicyNotAttachableException = "PolicyNotAttachable"
// ErrCodeReportGenerationLimitExceededException for service response error code
// "ReportGenerationLimitExceeded".
//
// The request failed because the maximum number of concurrent requests for
// this account are already running.
ErrCodeReportGenerationLimitExceededException = "ReportGenerationLimitExceeded"
// ErrCodeServiceFailureException for service response error code // ErrCodeServiceFailureException for service response error code
// "ServiceFailure". // "ServiceFailure".
// //

2
vendor/modules.txt vendored
View File

@ -79,7 +79,7 @@ github.com/apparentlymart/go-textseg/textseg
github.com/armon/circbuf github.com/armon/circbuf
# github.com/armon/go-radix v1.0.0 # github.com/armon/go-radix v1.0.0
github.com/armon/go-radix github.com/armon/go-radix
# github.com/aws/aws-sdk-go v1.20.4 # github.com/aws/aws-sdk-go v1.20.10
github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/aws/awserr
github.com/aws/aws-sdk-go/service/dynamodb github.com/aws/aws-sdk-go/service/dynamodb