client.rb in aws-sdk-iam-1.39.0

- old
+ new

@@ -3792,12 +3792,13 @@
     # more about the evaluation of policy types, see [Evaluating
     # Policies][3] in the *IAM User Guide*.
     #
     #  </note>
     #
-    # For more information about service last accessed data, see [Reducing
-    # Policy Scope by Viewing User Activity][4] in the *IAM User Guide*.
+    # For more information about service and action last accessed data, see
+    # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM
+    # User Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
     # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
@@ -3807,10 +3808,18 @@
     # @option params [required, String] :arn
     #   The ARN of the IAM resource (user, group, role, or managed policy)
     #   used to generate information about when the resource was last used in
     #   an attempt to access an AWS service.
     #
+    # @option params [String] :granularity
+    #   The level of detail that you want to generate. You can specify whether
+    #   you want to generate information about the last attempt to access
+    #   services or actions. If you specify service-level granularity, this
+    #   operation generates only service data. If you specify action-level
+    #   granularity, it generates service and action data. If you don't
+    #   include this optional parameter, the operation generates service data.
+    #
     # @return [Types::GenerateServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GenerateServiceLastAccessedDetailsResponse#job_id #job_id} => String
     #
     #
@@ -3829,10 +3838,11 @@
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.generate_service_last_accessed_details({
     #     arn: "arnType", # required
+    #     granularity: "SERVICE_LEVEL", # accepts SERVICE_LEVEL, ACTION_LEVEL
     #   })
     #
     # @example Response structure
     #
     #   resp.job_id #=> String
@@ -5402,13 +5412,23 @@
     # * **Policy** – Returns the ARN of the user or role that last used the
     #   policy to attempt to access the service
     #
     # By default, the list is sorted by service namespace.
     #
+    # If you specified `ACTION_LEVEL` granularity when you generated the
+    # report, this operation returns service and action last accessed data.
+    # This includes the most recent access attempt for each tracked action
+    # within a service. Otherwise, this operation returns only service data.
     #
+    # For more information about service and action last accessed data, see
+    # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM
+    # User Guide*.
     #
+    #
+    #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
     #
     # @option params [required, String] :job_id
     #   The ID of the request generated by the
     #   GenerateServiceLastAccessedDetails operation. The `JobId` returned by
     #   `GenerateServiceLastAccessedDetail` must be used by the same role
@@ -5433,10 +5453,11 @@
     #   to indicate where the next call should start.
     #
     # @return [Types::GetServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_status #job_status} => String
+    #   * {Types::GetServiceLastAccessedDetailsResponse#job_type #job_type} => String
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_creation_date #job_creation_date} => Time
     #   * {Types::GetServiceLastAccessedDetailsResponse#services_last_accessed #services_last_accessed} => Array&lt;Types::ServiceLastAccessed&gt;
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_completion_date #job_completion_date} => Time
     #   * {Types::GetServiceLastAccessedDetailsResponse#is_truncated #is_truncated} => Boolean
     #   * {Types::GetServiceLastAccessedDetailsResponse#marker #marker} => String
@@ -5482,17 +5503,24 @@
     #   })
     #
     # @example Response structure
     #
     #   resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
+    #   resp.job_type #=> String, one of "SERVICE_LEVEL", "ACTION_LEVEL"
     #   resp.job_creation_date #=> Time
     #   resp.services_last_accessed #=> Array
     #   resp.services_last_accessed[0].service_name #=> String
     #   resp.services_last_accessed[0].last_authenticated #=> Time
     #   resp.services_last_accessed[0].service_namespace #=> String
     #   resp.services_last_accessed[0].last_authenticated_entity #=> String
+    #   resp.services_last_accessed[0].last_authenticated_region #=> String
     #   resp.services_last_accessed[0].total_authenticated_entities #=> Integer
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed #=> Array
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].action_name #=> String
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_entity #=> String
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_time #=> Time
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_region #=> String
     #   resp.job_completion_date #=> Time
     #   resp.is_truncated #=> Boolean
     #   resp.marker #=> String
     #   resp.error.message #=> String
     #   resp.error.code #=> String
@@ -9575,11 +9603,11 @@
     #   boundary sets the maximum permissions that the entity can have. You
     #   can input only one permissions boundary when you pass a policy to this
     #   operation. An IAM entity can only have one permissions boundary in
     #   effect at a time. For example, if a permissions boundary is attached
     #   to an entity and you pass in a different permissions boundary policy
-    #   using this parameter, then the new permission boundary policy is used
+    #   using this parameter, then the new permissions boundary policy is used
     #   for the simulation. For more information about permissions boundaries,
     #   see [Permissions Boundaries for IAM Entities][1] in the *IAM User
     #   Guide*. The policy input is specified as a string containing the
     #   complete, valid JSON text of a permissions boundary policy.
     #
@@ -11531,10 +11559,10 @@
         operation: config.api.operation(operation_name),
         client: self,
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.38.0'
+      context[:gem_version] = '1.39.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 
     # Polls an API operation until a resource enters a desired state.
     #