feat(client-accessanalyzer): Expand analyzer configuration capabiliti…

…es for unused access analyzers. Unused access analyzer configurations now support the ability to exclude accounts and resource tags from analysis providing more granular control over the scope of analysis.
aws · Nov 14, 2024 · b2df1e1 · b2df1e1
1 parent ba1bdcc
commit b2df1e1
Show file tree

Hide file tree

Showing 12 changed files with 524 additions and 18 deletions.
diff --git a/clients/client-accessanalyzer/README.md b/clients/client-accessanalyzer/README.md
@@ -481,6 +481,14 @@ UntagResource
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/accessanalyzer/command/UntagResourceCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-accessanalyzer/Interface/UntagResourceCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-accessanalyzer/Interface/UntagResourceCommandOutput/)
 
+</details>
+<details>
+<summary>
+UpdateAnalyzer
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/accessanalyzer/command/UpdateAnalyzerCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-accessanalyzer/Interface/UpdateAnalyzerCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-accessanalyzer/Interface/UpdateAnalyzerCommandOutput/)
+
 </details>
 <details>
 <summary>

diff --git a/clients/client-accessanalyzer/src/AccessAnalyzer.ts b/clients/client-accessanalyzer/src/AccessAnalyzer.ts
@@ -151,6 +151,11 @@ import {
   UntagResourceCommandInput,
   UntagResourceCommandOutput,
 } from "./commands/UntagResourceCommand";
+import {
+  UpdateAnalyzerCommand,
+  UpdateAnalyzerCommandInput,
+  UpdateAnalyzerCommandOutput,
+} from "./commands/UpdateAnalyzerCommand";
 import {
   UpdateArchiveRuleCommand,
   UpdateArchiveRuleCommandInput,
@@ -200,6 +205,7 @@ const commands = {
   StartResourceScanCommand,
   TagResourceCommand,
   UntagResourceCommand,
+  UpdateAnalyzerCommand,
   UpdateArchiveRuleCommand,
   UpdateFindingsCommand,
   ValidatePolicyCommand,
@@ -698,6 +704,20 @@ export interface AccessAnalyzer {
     cb: (err: any, data?: UntagResourceCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link UpdateAnalyzerCommand}
+   */
+  updateAnalyzer(
+    args: UpdateAnalyzerCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<UpdateAnalyzerCommandOutput>;
+  updateAnalyzer(args: UpdateAnalyzerCommandInput, cb: (err: any, data?: UpdateAnalyzerCommandOutput) => void): void;
+  updateAnalyzer(
+    args: UpdateAnalyzerCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: UpdateAnalyzerCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link UpdateArchiveRuleCommand}
    */

diff --git a/clients/client-accessanalyzer/src/AccessAnalyzerClient.ts b/clients/client-accessanalyzer/src/AccessAnalyzerClient.ts
@@ -121,6 +121,7 @@ import {
 import { StartResourceScanCommandInput, StartResourceScanCommandOutput } from "./commands/StartResourceScanCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
+import { UpdateAnalyzerCommandInput, UpdateAnalyzerCommandOutput } from "./commands/UpdateAnalyzerCommand";
 import { UpdateArchiveRuleCommandInput, UpdateArchiveRuleCommandOutput } from "./commands/UpdateArchiveRuleCommand";
 import { UpdateFindingsCommandInput, UpdateFindingsCommandOutput } from "./commands/UpdateFindingsCommand";
 import { ValidatePolicyCommandInput, ValidatePolicyCommandOutput } from "./commands/ValidatePolicyCommand";
@@ -171,6 +172,7 @@ export type ServiceInputTypes =
   | StartResourceScanCommandInput
   | TagResourceCommandInput
   | UntagResourceCommandInput
+  | UpdateAnalyzerCommandInput
   | UpdateArchiveRuleCommandInput
   | UpdateFindingsCommandInput
   | ValidatePolicyCommandInput;
@@ -211,6 +213,7 @@ export type ServiceOutputTypes =
   | StartResourceScanCommandOutput
   | TagResourceCommandOutput
   | UntagResourceCommandOutput
+  | UpdateAnalyzerCommandOutput
   | UpdateArchiveRuleCommandOutput
   | UpdateFindingsCommandOutput
   | ValidatePolicyCommandOutput;

diff --git a/clients/client-accessanalyzer/src/commands/CreateAnalyzerCommand.ts b/clients/client-accessanalyzer/src/commands/CreateAnalyzerCommand.ts
@@ -64,6 +64,20 @@ export interface CreateAnalyzerCommandOutput extends CreateAnalyzerResponse, __M
  *   configuration: { // AnalyzerConfiguration Union: only one key present
  *     unusedAccess: { // UnusedAccessConfiguration
  *       unusedAccessAge: Number("int"),
+ *       analysisRule: { // AnalysisRule
+ *         exclusions: [ // AnalysisRuleCriteriaList
+ *           { // AnalysisRuleCriteria
+ *             accountIds: [ // AccountIdsList
+ *               "STRING_VALUE",
+ *             ],
+ *             resourceTags: [ // TagsList
+ *               {
+ *                 "<keys>": "STRING_VALUE",
+ *               },
+ *             ],
+ *           },
+ *         ],
+ *       },
  *     },
  *   },
  * };

diff --git a/clients/client-accessanalyzer/src/commands/GetAnalyzerCommand.ts b/clients/client-accessanalyzer/src/commands/GetAnalyzerCommand.ts
@@ -58,6 +58,20 @@ export interface GetAnalyzerCommandOutput extends GetAnalyzerResponse, __Metadat
  * //     configuration: { // AnalyzerConfiguration Union: only one key present
  * //       unusedAccess: { // UnusedAccessConfiguration
  * //         unusedAccessAge: Number("int"),
+ * //         analysisRule: { // AnalysisRule
+ * //           exclusions: [ // AnalysisRuleCriteriaList
+ * //             { // AnalysisRuleCriteria
+ * //               accountIds: [ // AccountIdsList
+ * //                 "STRING_VALUE",
+ * //               ],
+ * //               resourceTags: [ // TagsList
+ * //                 {
+ * //                   "<keys>": "STRING_VALUE",
+ * //                 },
+ * //               ],
+ * //             },
+ * //           ],
+ * //         },
  * //       },
  * //     },
  * //   },

diff --git a/clients/client-accessanalyzer/src/commands/ListAnalyzedResourcesCommand.ts b/clients/client-accessanalyzer/src/commands/ListAnalyzedResourcesCommand.ts
@@ -29,8 +29,7 @@ export interface ListAnalyzedResourcesCommandOutput extends ListAnalyzedResource
 
 /**
  * <p>Retrieves a list of resources of the specified type that have been analyzed by the
- *          specified external access analyzer. This action is not supported for unused access
- *          analyzers.</p>
+ *          specified analyzer.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-accessanalyzer/src/commands/ListAnalyzersCommand.ts b/clients/client-accessanalyzer/src/commands/ListAnalyzersCommand.ts
@@ -61,6 +61,20 @@ export interface ListAnalyzersCommandOutput extends ListAnalyzersResponse, __Met
  * //       configuration: { // AnalyzerConfiguration Union: only one key present
  * //         unusedAccess: { // UnusedAccessConfiguration
  * //           unusedAccessAge: Number("int"),
+ * //           analysisRule: { // AnalysisRule
+ * //             exclusions: [ // AnalysisRuleCriteriaList
+ * //               { // AnalysisRuleCriteria
+ * //                 accountIds: [ // AccountIdsList
+ * //                   "STRING_VALUE",
+ * //                 ],
+ * //                 resourceTags: [ // TagsList
+ * //                   {
+ * //                     "<keys>": "STRING_VALUE",
+ * //                   },
+ * //                 ],
+ * //               },
+ * //             ],
+ * //           },
  * //         },
  * //       },
  * //     },

diff --git a/clients/client-accessanalyzer/src/commands/UpdateAnalyzerCommand.ts b/clients/client-accessanalyzer/src/commands/UpdateAnalyzerCommand.ts
@@ -0,0 +1,147 @@
+// smithy-typescript generated code
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+
+import { AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../AccessAnalyzerClient";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { UpdateAnalyzerRequest, UpdateAnalyzerResponse } from "../models/models_0";
+import { de_UpdateAnalyzerCommand, se_UpdateAnalyzerCommand } from "../protocols/Aws_restJson1";
+
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link UpdateAnalyzerCommand}.
+ */
+export interface UpdateAnalyzerCommandInput extends UpdateAnalyzerRequest {}
+/**
+ * @public
+ *
+ * The output of {@link UpdateAnalyzerCommand}.
+ */
+export interface UpdateAnalyzerCommandOutput extends UpdateAnalyzerResponse, __MetadataBearer {}
+
+/**
+ * <p>Modifies the configuration of an existing analyzer.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { AccessAnalyzerClient, UpdateAnalyzerCommand } from "@aws-sdk/client-accessanalyzer"; // ES Modules import
+ * // const { AccessAnalyzerClient, UpdateAnalyzerCommand } = require("@aws-sdk/client-accessanalyzer"); // CommonJS import
+ * const client = new AccessAnalyzerClient(config);
+ * const input = { // UpdateAnalyzerRequest
+ *   analyzerName: "STRING_VALUE", // required
+ *   configuration: { // AnalyzerConfiguration Union: only one key present
+ *     unusedAccess: { // UnusedAccessConfiguration
+ *       unusedAccessAge: Number("int"),
+ *       analysisRule: { // AnalysisRule
+ *         exclusions: [ // AnalysisRuleCriteriaList
+ *           { // AnalysisRuleCriteria
+ *             accountIds: [ // AccountIdsList
+ *               "STRING_VALUE",
+ *             ],
+ *             resourceTags: [ // TagsList
+ *               { // TagsMap
+ *                 "<keys>": "STRING_VALUE",
+ *               },
+ *             ],
+ *           },
+ *         ],
+ *       },
+ *     },
+ *   },
+ * };
+ * const command = new UpdateAnalyzerCommand(input);
+ * const response = await client.send(command);
+ * // { // UpdateAnalyzerResponse
+ * //   configuration: { // AnalyzerConfiguration Union: only one key present
+ * //     unusedAccess: { // UnusedAccessConfiguration
+ * //       unusedAccessAge: Number("int"),
+ * //       analysisRule: { // AnalysisRule
+ * //         exclusions: [ // AnalysisRuleCriteriaList
+ * //           { // AnalysisRuleCriteria
+ * //             accountIds: [ // AccountIdsList
+ * //               "STRING_VALUE",
+ * //             ],
+ * //             resourceTags: [ // TagsList
+ * //               { // TagsMap
+ * //                 "<keys>": "STRING_VALUE",
+ * //               },
+ * //             ],
+ * //           },
+ * //         ],
+ * //       },
+ * //     },
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param UpdateAnalyzerCommandInput - {@link UpdateAnalyzerCommandInput}
+ * @returns {@link UpdateAnalyzerCommandOutput}
+ * @see {@link UpdateAnalyzerCommandInput} for command's `input` shape.
+ * @see {@link UpdateAnalyzerCommandOutput} for command's `response` shape.
+ * @see {@link AccessAnalyzerClientResolvedConfig | config} for AccessAnalyzerClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>A conflict exception error.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>Internal server error.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified resource could not be found.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Throttling limit exceeded error.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>Validation exception error.</p>
+ *
+ * @throws {@link AccessAnalyzerServiceException}
+ * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
+ *
+ * @public
+ */
+export class UpdateAnalyzerCommand extends $Command
+  .classBuilder<
+    UpdateAnalyzerCommandInput,
+    UpdateAnalyzerCommandOutput,
+    AccessAnalyzerClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >()
+  .ep(commonParams)
+  .m(function (this: any, Command: any, cs: any, config: AccessAnalyzerClientResolvedConfig, o: any) {
+    return [
+      getSerdePlugin(config, this.serialize, this.deserialize),
+      getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+  })
+  .s("AccessAnalyzer", "UpdateAnalyzer", {})
+  .n("AccessAnalyzerClient", "UpdateAnalyzerCommand")
+  .f(void 0, void 0)
+  .ser(se_UpdateAnalyzerCommand)
+  .de(de_UpdateAnalyzerCommand)
+  .build() {
+  /** @internal type navigation helper, not in runtime. */
+  protected declare static __types: {
+    api: {
+      input: UpdateAnalyzerRequest;
+      output: UpdateAnalyzerResponse;
+    };
+    sdk: {
+      input: UpdateAnalyzerCommandInput;
+      output: UpdateAnalyzerCommandOutput;
+    };
+  };
+}
diff --git a/clients/client-accessanalyzer/src/commands/index.ts b/clients/client-accessanalyzer/src/commands/index.ts
@@ -31,6 +31,7 @@ export * from "./StartPolicyGenerationCommand";
 export * from "./StartResourceScanCommand";
 export * from "./TagResourceCommand";
 export * from "./UntagResourceCommand";
+export * from "./UpdateAnalyzerCommand";
 export * from "./UpdateArchiveRuleCommand";
 export * from "./UpdateFindingsCommand";
 export * from "./ValidatePolicyCommand";