Class: Aws::AccessAnalyzer::Types::CreateAccessPreviewRequest

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb

Overview

Note:

When making an API call, you may pass CreateAccessPreviewRequest data as a hash:

{
  analyzer_arn: "AnalyzerArn", # required
  client_token: "String",
  configurations: { # required
    "ConfigurationsMapKey" => {
      iam_role: {
        trust_policy: "IamTrustPolicy",
      },
      kms_key: {
        grants: [
          {
            constraints: {
              encryption_context_equals: {
                "KmsConstraintsKey" => "KmsConstraintsValue",
              },
              encryption_context_subset: {
                "KmsConstraintsKey" => "KmsConstraintsValue",
              },
            },
            grantee_principal: "GranteePrincipal", # required
            issuing_account: "IssuingAccount", # required
            operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
            retiring_principal: "RetiringPrincipal",
          },
        ],
        key_policies: {
          "PolicyName" => "KmsKeyPolicy",
        },
      },
      s3_bucket: {
        access_points: {
          "AccessPointArn" => {
            access_point_policy: "AccessPointPolicy",
            network_origin: {
              internet_configuration: {
              },
              vpc_configuration: {
                vpc_id: "VpcId", # required
              },
            },
            public_access_block: {
              ignore_public_acls: false, # required
              restrict_public_buckets: false, # required
            },
          },
        },
        bucket_acl_grants: [
          {
            grantee: { # required
              id: "AclCanonicalId",
              uri: "AclUri",
            },
            permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
          },
        ],
        bucket_policy: "S3BucketPolicy",
        bucket_public_access_block: {
          ignore_public_acls: false, # required
          restrict_public_buckets: false, # required
        },
      },
      secrets_manager_secret: {
        kms_key_id: "SecretsManagerSecretKmsId",
        secret_policy: "SecretsManagerSecretPolicy",
      },
      sqs_queue: {
        queue_policy: "SqsQueuePolicy",
      },
    },
  },
}

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#analyzer_arnString

The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an Account type and Active status.

Returns:

  • (String)


794
795
796
797
798
799
800
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 794

class CreateAccessPreviewRequest < Struct.new(
  :analyzer_arn,
  :client_token,
  :configurations)
  SENSITIVE = []
  include Aws::Structure
end

#client_tokenString

A client token.

A suitable default value is auto-generated. You should normally not need to pass this option.

Returns:

  • (String)


794
795
796
797
798
799
800
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 794

class CreateAccessPreviewRequest < Struct.new(
  :analyzer_arn,
  :client_token,
  :configurations)
  SENSITIVE = []
  include Aws::Structure
end

#configurationsHash<String,Types::Configuration>

Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.

Returns:



794
795
796
797
798
799
800
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 794

class CreateAccessPreviewRequest < Struct.new(
  :analyzer_arn,
  :client_token,
  :configurations)
  SENSITIVE = []
  include Aws::Structure
end