class Aws::AccessAnalyzer::Types::CreateAccessPreviewRequest

@note When making an API call, you may pass CreateAccessPreviewRequest

data as a hash:

    {
      analyzer_arn: "AnalyzerArn", # required
      client_token: "String",
      configurations: { # required
        "ConfigurationsMapKey" => {
          iam_role: {
            trust_policy: "IamTrustPolicy",
          },
          kms_key: {
            grants: [
              {
                constraints: {
                  encryption_context_equals: {
                    "KmsConstraintsKey" => "KmsConstraintsValue",
                  },
                  encryption_context_subset: {
                    "KmsConstraintsKey" => "KmsConstraintsValue",
                  },
                },
                grantee_principal: "GranteePrincipal", # required
                issuing_account: "IssuingAccount", # required
                operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
                retiring_principal: "RetiringPrincipal",
              },
            ],
            key_policies: {
              "PolicyName" => "KmsKeyPolicy",
            },
          },
          s3_bucket: {
            access_points: {
              "AccessPointArn" => {
                access_point_policy: "AccessPointPolicy",
                network_origin: {
                  internet_configuration: {
                  },
                  vpc_configuration: {
                    vpc_id: "VpcId", # required
                  },
                },
                public_access_block: {
                  ignore_public_acls: false, # required
                  restrict_public_buckets: false, # required
                },
              },
            },
            bucket_acl_grants: [
              {
                grantee: { # required
                  id: "AclCanonicalId",
                  uri: "AclUri",
                },
                permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
              },
            ],
            bucket_policy: "S3BucketPolicy",
            bucket_public_access_block: {
              ignore_public_acls: false, # required
              restrict_public_buckets: false, # required
            },
          },
          secrets_manager_secret: {
            kms_key_id: "SecretsManagerSecretKmsId",
            secret_policy: "SecretsManagerSecretPolicy",
          },
          sqs_queue: {
            queue_policy: "SqsQueuePolicy",
          },
        },
      },
    }

@!attribute [rw] analyzer_arn

The [ARN of the account analyzer][1] used to generate the access
preview. You can only create an access preview for analyzers with an
`Account` type and `Active` status.

[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
@return [String]

@!attribute [rw] client_token

A client token.

**A suitable default value is auto-generated.** You should normally
not need to pass this option.
@return [String]

@!attribute [rw] configurations

Access control configuration for your resource that is used to
generate the access preview. The access preview includes findings
for external access allowed to the resource with the proposed access
control configuration. The configuration must contain exactly one
element.
@return [Hash<String,Types::Configuration>]

@see docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewRequest AWS API Documentation

Constants

SENSITIVE