updated aws #221

Merged
merged 3 commits into from
Apr 19, 2024
1,953 changes: 1,944 additions & 9 deletions providers/src/aws/v00.00.00000/provider.yaml

Large diffs are not rendered by default.

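--- a/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml
+++ b/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml
@@ -0,0 +1,223 @@
+openapi: 3.0.0
+info:
+title: AccessAnalyzer
+version: 1.0.0
+paths: {}
+components:
+schemas:
+ArchiveRule:
+description: An Access Analyzer archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
+type: object
+properties:
+Filter:
+type: array
+x-insertionOrder: false
+minItems: 1
+items:
+$ref: '#/components/schemas/Filter'
+RuleName:
+type: string
+description: The archive rule name
+required:
+- Filter
+- RuleName
+additionalProperties: false
+Filter:
+type: object
+properties:
+Contains:
+type: array
+x-insertionOrder: false
+items:
+type: string
+Eq:
+type: array
+x-insertionOrder: false
+items:
+type: string
+Exists:
+type: boolean
+Property:
+type: string
+Neq:
+type: array
+x-insertionOrder: false
+items:
+type: string
+required:
+- Property
+additionalProperties: false
+Tag:
+description: A key-value pair to associate with a resource.
+type: object
+properties:
+Key:
+type: string
+description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. '
+minLength: 1
+maxLength: 127
+Value:
+type: string
+description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. '
+minLength: 1
+maxLength: 255
+required:
+- Key
+- Value
+additionalProperties: false
+UnusedAccessConfiguration:
+description: The Configuration for Unused Access Analyzer
+type: object
+properties:
+UnusedAccessAge:
+description: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
+type: integer
+minimum: 1
+maximum: 180
+additionalProperties: false
+Analyzer:
+type: object
+properties:
+AnalyzerName:
+description: Analyzer name
+type: string
+minLength: 1
+maxLength: 1024
+ArchiveRules:
+type: array
+x-insertionOrder: false
+items:
+$ref: '#/components/schemas/ArchiveRule'
+Arn:
+description: Amazon Resource Name (ARN) of the analyzer
+type: string
+minLength: 1
+maxLength: 1600
+Tags:
+type: array
+maxItems: 50
+x-insertionOrder: false
+uniqueItems: true
+description: An array of key-value pairs to apply to this resource.
+items:
+$ref: '#/components/schemas/Tag'
+Type:
+description: The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
+type: string
+minLength: 0
+maxLength: 1024
+AnalyzerConfiguration:
+description: The configuration for the analyzer
+type: object
+properties:
+UnusedAccessConfiguration:
+$ref: '#/components/schemas/UnusedAccessConfiguration'
+additionalProperties: false
+required:
+- Type
+x-stackql-resource-name: analyzer
+description: The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user's account
+x-type-name: AWS::AccessAnalyzer::Analyzer
+x-stackql-primary-identifier:
+- Arn
+x-create-only-properties:
+- AnalyzerName
+- Type
+- AnalyzerConfiguration
+x-read-only-properties:
+- Arn
+x-required-properties:
+- Type
+x-tagging:
+taggable: true
+tagOnCreate: true
+tagUpdatable: true
+cloudFormationSystemTags: true
+tagProperty: /properties/Tags
+x-required-permissions:
+create:
+- access-analyzer:CreateAnalyzer
+- access-analyzer:TagResource
+- iam:CreateServiceLinkedRole
+- organizations:ListAWSServiceAccessForOrganization
+- organizations:ListDelegatedAdministrators
+read:
+- access-analyzer:ListAnalyzers
+- access-analyzer:GetAnalyzer
+- access-analyzer:ListArchiveRules
+update:
+- access-analyzer:CreateArchiveRule
+- access-analyzer:DeleteArchiveRule
+- access-analyzer:ListAnalyzers
+- access-analyzer:TagResource
+- access-analyzer:UntagResource
+- access-analyzer:UpdateArchiveRule
+delete:
+- access-analyzer:DeleteAnalyzer
+list:
+- access-analyzer:ListAnalyzers
+x-stackQL-resources:
+analyzers:
+name: analyzers
+id: aws.accessanalyzer.analyzers
+x-cfn-schema-name: Analyzer
+x-type: list
+x-identifiers:
+- Arn
+config:
+views:
+select:
+predicate: sqlDialect == "sqlite3"
+ddl: |-
+SELECT
+region,
+JSON_EXTRACT(Properties, '$.Arn') as arn
+FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer'
+AND region = 'us-east-1'
+fallback:
+predicate: sqlDialect == "postgres"
+ddl: |-
+SELECT
+region,
+json_extract_path_text(Properties, 'Arn') as arn
+FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer'
+AND region = 'us-east-1'
+analyzer:
+name: analyzer
+id: aws.accessanalyzer.analyzer
+x-cfn-schema-name: Analyzer
+x-type: get
+x-identifiers:
+- Arn
+config:
+views:
+select:
+predicate: sqlDialect == "sqlite3"
+ddl: |-
+SELECT
+region,
+data__Identifier,
+JSON_EXTRACT(Properties, '$.AnalyzerName') as analyzer_name,
+JSON_EXTRACT(Properties, '$.ArchiveRules') as archive_rules,
+JSON_EXTRACT(Properties, '$.Arn') as arn,
+JSON_EXTRACT(Properties, '$.Tags') as tags,
+JSON_EXTRACT(Properties, '$.Type') as type,
+JSON_EXTRACT(Properties, '$.AnalyzerConfiguration') as analyzer_configuration
+FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer'
+AND data__Identifier = '<Arn>'
+AND region = 'us-east-1'
+fallback:
+predicate: sqlDialect == "postgres"
+ddl: |-
+SELECT
+region,
+data__Identifier,
+json_extract_path_text(Properties, 'AnalyzerName') as analyzer_name,
+json_extract_path_text(Properties, 'ArchiveRules') as archive_rules,
+json_extract_path_text(Properties, 'Arn') as arn,
+json_extract_path_text(Properties, 'Tags') as tags,
+json_extract_path_text(Properties, 'Type') as type,
+json_extract_path_text(Properties, 'AnalyzerConfiguration') as analyzer_configuration
+FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AccessAnalyzer::Analyzer'
+AND data__Identifier = '<Arn>'
+AND region = 'us-east-1'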
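Review bot: The `create` list under `x-required-permissions` includes `iam:CreateServiceLinkedRole` with nothing telling a reader how narrowly it should be granted, and lists like this tend to be copied straight into IAM policies. I would add a comment above that entry, `# grant only with an iam:AWSServiceName condition for access-analyzer.amazonaws.com`, so the permission cannot be used to create service-linked roles for other services. Separately, the `Type` description names four allowed values, but the schema accepts any string from 0 to 1024 characters; `enum: [ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS]` would make the schema match its own description. If this file is generated from the upstream resource schema, both changes probably belong in the generator rather than here.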