Class: Aws::AccessAnalyzer::Types::CreateAccessPreviewRequest

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb

Overview

Note:

When making an API call, you may pass CreateAccessPreviewRequest data as a hash:

{
  analyzer_arn: "AnalyzerArn", # required
  configurations: { # required
    "ConfigurationsMapKey" => {
      ebs_snapshot: {
        user_ids: ["EbsUserId"],
        groups: ["EbsGroup"],
        kms_key_id: "EbsSnapshotDataEncryptionKeyId",
      },
      ecr_repository: {
        repository_policy: "EcrRepositoryPolicy",
      },
      iam_role: {
        trust_policy: "IamTrustPolicy",
      },
      efs_file_system: {
        file_system_policy: "EfsFileSystemPolicy",
      },
      kms_key: {
        key_policies: {
          "PolicyName" => "KmsKeyPolicy",
        },
        grants: [
          {
            operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
            grantee_principal: "GranteePrincipal", # required
            retiring_principal: "RetiringPrincipal",
            constraints: {
              encryption_context_equals: {
                "KmsConstraintsKey" => "KmsConstraintsValue",
              },
              encryption_context_subset: {
                "KmsConstraintsKey" => "KmsConstraintsValue",
              },
            },
            issuing_account: "IssuingAccount", # required
          },
        ],
      },
      rds_db_cluster_snapshot: {
        attributes: {
          "RdsDbClusterSnapshotAttributeName" => {
            account_ids: ["RdsDbClusterSnapshotAccountId"],
          },
        },
        kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
      },
      rds_db_snapshot: {
        attributes: {
          "RdsDbSnapshotAttributeName" => {
            account_ids: ["RdsDbSnapshotAccountId"],
          },
        },
        kms_key_id: "RdsDbSnapshotKmsKeyId",
      },
      secrets_manager_secret: {
        kms_key_id: "SecretsManagerSecretKmsId",
        secret_policy: "SecretsManagerSecretPolicy",
      },
      s3_bucket: {
        bucket_policy: "S3BucketPolicy",
        bucket_acl_grants: [
          {
            permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
            grantee: { # required
              id: "AclCanonicalId",
              uri: "AclUri",
            },
          },
        ],
        bucket_public_access_block: {
          ignore_public_acls: false, # required
          restrict_public_buckets: false, # required
        },
        access_points: {
          "AccessPointArn" => {
            access_point_policy: "AccessPointPolicy",
            public_access_block: {
              ignore_public_acls: false, # required
              restrict_public_buckets: false, # required
            },
            network_origin: {
              vpc_configuration: {
                vpc_id: "VpcId", # required
              },
              internet_configuration: {
              },
            },
          },
        },
      },
      sns_topic: {
        topic_policy: "SnsTopicPolicy",
      },
      sqs_queue: {
        queue_policy: "SqsQueuePolicy",
      },
    },
  },
  client_token: "String",
}

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#analyzer_arnString

The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an Account type and Active status.

Returns:

  • (String)


862
863
864
865
866
867
868
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 862

class CreateAccessPreviewRequest < Struct.new(
  :analyzer_arn,
  :configurations,
  :client_token)
  SENSITIVE = []
  include Aws::Structure
end

#client_tokenString

A client token.

A suitable default value is auto-generated. You should normally not need to pass this option.

Returns:

  • (String)


862
863
864
865
866
867
868
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 862

class CreateAccessPreviewRequest < Struct.new(
  :analyzer_arn,
  :configurations,
  :client_token)
  SENSITIVE = []
  include Aws::Structure
end

#configurationsHash<String,Types::Configuration>

Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.

Returns:



862
863
864
865
866
867
868
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 862

class CreateAccessPreviewRequest < Struct.new(
  :analyzer_arn,
  :configurations,
  :client_token)
  SENSITIVE = []
  include Aws::Structure
end