-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Amazon Access Analyzer SDK.
--   
--   Derived from API version <tt>2019-11-01</tt> of the AWS service
--   descriptions, licensed under Apache 2.0.
--   
--   The types from this library are intended to be used with
--   <a>amazonka</a>, which provides mechanisms for specifying AuthN/AuthZ
--   information, sending requests, and receiving responses.
--   
--   It is recommended to use generic lenses or optics from packages such
--   as <a>generic-lens</a> or <a>optics</a> to modify optional fields and
--   deconstruct responses.
--   
--   Generated lenses can be found in <a>Amazonka.AccessAnalyzer.Lens</a>
--   and are suitable for use with a lens package such as <a>lens</a> or
--   <a>lens-family-core</a>.
--   
--   See <a>Amazonka.AccessAnalyzer</a> and the <a>AWS documentation</a> to
--   get started.
@package amazonka-accessanalyzer
@version 2.0


module Amazonka.AccessAnalyzer.Types.AccessPreviewStatus
newtype AccessPreviewStatus
AccessPreviewStatus' :: Text -> AccessPreviewStatus
[fromAccessPreviewStatus] :: AccessPreviewStatus -> Text
pattern AccessPreviewStatus_COMPLETED :: AccessPreviewStatus
pattern AccessPreviewStatus_CREATING :: AccessPreviewStatus
pattern AccessPreviewStatus_FAILED :: AccessPreviewStatus
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AccessPreviewStatus.AccessPreviewStatus


module Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode
newtype AccessPreviewStatusReasonCode
AccessPreviewStatusReasonCode' :: Text -> AccessPreviewStatusReasonCode
[fromAccessPreviewStatusReasonCode] :: AccessPreviewStatusReasonCode -> Text
pattern AccessPreviewStatusReasonCode_INTERNAL_ERROR :: AccessPreviewStatusReasonCode
pattern AccessPreviewStatusReasonCode_INVALID_CONFIGURATION :: AccessPreviewStatusReasonCode
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode.AccessPreviewStatusReasonCode


module Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason

-- | Provides more details about the current status of the access preview.
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid proposed
--   resource configuration.
--   
--   <i>See:</i> <a>newAccessPreviewStatusReason</a> smart constructor.
data AccessPreviewStatusReason
AccessPreviewStatusReason' :: AccessPreviewStatusReasonCode -> AccessPreviewStatusReason

-- | The reason code for the current status of the access preview.
[$sel:code:AccessPreviewStatusReason'] :: AccessPreviewStatusReason -> AccessPreviewStatusReasonCode

-- | Create a value of <a>AccessPreviewStatusReason</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:AccessPreviewStatusReason'</a>,
--   <a>accessPreviewStatusReason_code</a> - The reason code for the
--   current status of the access preview.
newAccessPreviewStatusReason :: AccessPreviewStatusReasonCode -> AccessPreviewStatusReason

-- | The reason code for the current status of the access preview.
accessPreviewStatusReason_code :: Lens' AccessPreviewStatusReason AccessPreviewStatusReasonCode
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason.AccessPreviewStatusReason
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason.AccessPreviewStatusReason
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason.AccessPreviewStatusReason
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason.AccessPreviewStatusReason
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason.AccessPreviewStatusReason
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason.AccessPreviewStatusReason
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason.AccessPreviewStatusReason


module Amazonka.AccessAnalyzer.Types.AccessPreviewSummary

-- | Contains a summary of information about an access preview.
--   
--   <i>See:</i> <a>newAccessPreviewSummary</a> smart constructor.
data AccessPreviewSummary
AccessPreviewSummary' :: Maybe AccessPreviewStatusReason -> Text -> Text -> ISO8601 -> AccessPreviewStatus -> AccessPreviewSummary
[$sel:statusReason:AccessPreviewSummary'] :: AccessPreviewSummary -> Maybe AccessPreviewStatusReason

-- | The unique ID for the access preview.
[$sel:id:AccessPreviewSummary'] :: AccessPreviewSummary -> Text

-- | The ARN of the analyzer used to generate the access preview.
[$sel:analyzerArn:AccessPreviewSummary'] :: AccessPreviewSummary -> Text

-- | The time at which the access preview was created.
[$sel:createdAt:AccessPreviewSummary'] :: AccessPreviewSummary -> ISO8601

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
[$sel:status:AccessPreviewSummary'] :: AccessPreviewSummary -> AccessPreviewStatus

-- | Create a value of <a>AccessPreviewSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:statusReason:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_statusReason</a> - Undocumented member.
--   
--   <a>$sel:id:AccessPreviewSummary'</a>, <a>accessPreviewSummary_id</a> -
--   The unique ID for the access preview.
--   
--   <a>$sel:analyzerArn:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_analyzerArn</a> - The ARN of the analyzer used
--   to generate the access preview.
--   
--   <a>$sel:createdAt:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_createdAt</a> - The time at which the access
--   preview was created.
--   
--   <a>$sel:status:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_status</a> - The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
newAccessPreviewSummary :: Text -> Text -> UTCTime -> AccessPreviewStatus -> AccessPreviewSummary

-- | Undocumented member.
accessPreviewSummary_statusReason :: Lens' AccessPreviewSummary (Maybe AccessPreviewStatusReason)

-- | The unique ID for the access preview.
accessPreviewSummary_id :: Lens' AccessPreviewSummary Text

-- | The ARN of the analyzer used to generate the access preview.
accessPreviewSummary_analyzerArn :: Lens' AccessPreviewSummary Text

-- | The time at which the access preview was created.
accessPreviewSummary_createdAt :: Lens' AccessPreviewSummary UTCTime

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
accessPreviewSummary_status :: Lens' AccessPreviewSummary AccessPreviewStatus
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AccessPreviewSummary.AccessPreviewSummary
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AccessPreviewSummary.AccessPreviewSummary
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AccessPreviewSummary.AccessPreviewSummary
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AccessPreviewSummary.AccessPreviewSummary
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AccessPreviewSummary.AccessPreviewSummary
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AccessPreviewSummary.AccessPreviewSummary
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AccessPreviewSummary.AccessPreviewSummary


module Amazonka.AccessAnalyzer.Types.AclGrantee

-- | You specify each grantee as a type-value pair using one of these
--   types. You can specify only one type of grantee. For more information,
--   see <a>PutBucketAcl</a>.
--   
--   <i>See:</i> <a>newAclGrantee</a> smart constructor.
data AclGrantee
AclGrantee' :: Maybe Text -> Maybe Text -> AclGrantee

-- | The value specified is the canonical user ID of an Amazon Web Services
--   account.
[$sel:id:AclGrantee'] :: AclGrantee -> Maybe Text

-- | Used for granting permissions to a predefined group.
[$sel:uri:AclGrantee'] :: AclGrantee -> Maybe Text

-- | Create a value of <a>AclGrantee</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:id:AclGrantee'</a>, <a>aclGrantee_id</a> - The value specified
--   is the canonical user ID of an Amazon Web Services account.
--   
--   <a>$sel:uri:AclGrantee'</a>, <a>aclGrantee_uri</a> - Used for granting
--   permissions to a predefined group.
newAclGrantee :: AclGrantee

-- | The value specified is the canonical user ID of an Amazon Web Services
--   account.
aclGrantee_id :: Lens' AclGrantee (Maybe Text)

-- | Used for granting permissions to a predefined group.
aclGrantee_uri :: Lens' AclGrantee (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.AclGrantee.AclGrantee


module Amazonka.AccessAnalyzer.Types.AclPermission
newtype AclPermission
AclPermission' :: Text -> AclPermission
[fromAclPermission] :: AclPermission -> Text
pattern AclPermission_FULL_CONTROL :: AclPermission
pattern AclPermission_READ :: AclPermission
pattern AclPermission_READ_ACP :: AclPermission
pattern AclPermission_WRITE :: AclPermission
pattern AclPermission_WRITE_ACP :: AclPermission
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AclPermission.AclPermission


module Amazonka.AccessAnalyzer.Types.AnalyzerStatus
newtype AnalyzerStatus
AnalyzerStatus' :: Text -> AnalyzerStatus
[fromAnalyzerStatus] :: AnalyzerStatus -> Text
pattern AnalyzerStatus_ACTIVE :: AnalyzerStatus
pattern AnalyzerStatus_CREATING :: AnalyzerStatus
pattern AnalyzerStatus_DISABLED :: AnalyzerStatus
pattern AnalyzerStatus_FAILED :: AnalyzerStatus
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AnalyzerStatus.AnalyzerStatus


module Amazonka.AccessAnalyzer.Types.Criterion

-- | The criteria to use in the filter that defines the archive rule. For
--   more information on available filter keys, see <a>IAM Access Analyzer
--   filter keys</a>.
--   
--   <i>See:</i> <a>newCriterion</a> smart constructor.
data Criterion
Criterion' :: Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe Bool -> Maybe (NonEmpty Text) -> Criterion

-- | A "contains" operator to match for the filter used to create the rule.
[$sel:contains:Criterion'] :: Criterion -> Maybe (NonEmpty Text)

-- | An "equals" operator to match for the filter used to create the rule.
[$sel:eq:Criterion'] :: Criterion -> Maybe (NonEmpty Text)

-- | An "exists" operator to match for the filter used to create the rule.
[$sel:exists:Criterion'] :: Criterion -> Maybe Bool

-- | A "not equals" operator to match for the filter used to create the
--   rule.
[$sel:neq:Criterion'] :: Criterion -> Maybe (NonEmpty Text)

-- | Create a value of <a>Criterion</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:contains:Criterion'</a>, <a>criterion_contains</a> - A
--   "contains" operator to match for the filter used to create the rule.
--   
--   <a>$sel:eq:Criterion'</a>, <a>criterion_eq</a> - An "equals" operator
--   to match for the filter used to create the rule.
--   
--   <a>$sel:exists:Criterion'</a>, <a>criterion_exists</a> - An "exists"
--   operator to match for the filter used to create the rule.
--   
--   <a>$sel:neq:Criterion'</a>, <a>criterion_neq</a> - A "not equals"
--   operator to match for the filter used to create the rule.
newCriterion :: Criterion

-- | A "contains" operator to match for the filter used to create the rule.
criterion_contains :: Lens' Criterion (Maybe (NonEmpty Text))

-- | An "equals" operator to match for the filter used to create the rule.
criterion_eq :: Lens' Criterion (Maybe (NonEmpty Text))

-- | An "exists" operator to match for the filter used to create the rule.
criterion_exists :: Lens' Criterion (Maybe Bool)

-- | A "not equals" operator to match for the filter used to create the
--   rule.
criterion_neq :: Lens' Criterion (Maybe (NonEmpty Text))
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Criterion.Criterion
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Criterion.Criterion
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Criterion.Criterion
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Criterion.Criterion
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Criterion.Criterion
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Criterion.Criterion
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Criterion.Criterion
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.Criterion.Criterion


module Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary

-- | Contains information about an archive rule.
--   
--   <i>See:</i> <a>newArchiveRuleSummary</a> smart constructor.
data ArchiveRuleSummary
ArchiveRuleSummary' :: Text -> HashMap Text Criterion -> ISO8601 -> ISO8601 -> ArchiveRuleSummary

-- | The name of the archive rule.
[$sel:ruleName:ArchiveRuleSummary'] :: ArchiveRuleSummary -> Text

-- | A filter used to define the archive rule.
[$sel:filter':ArchiveRuleSummary'] :: ArchiveRuleSummary -> HashMap Text Criterion

-- | The time at which the archive rule was created.
[$sel:createdAt:ArchiveRuleSummary'] :: ArchiveRuleSummary -> ISO8601

-- | The time at which the archive rule was last updated.
[$sel:updatedAt:ArchiveRuleSummary'] :: ArchiveRuleSummary -> ISO8601

-- | Create a value of <a>ArchiveRuleSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ruleName:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_ruleName</a> - The name of the archive rule.
--   
--   <a>$sel:filter':ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_filter</a> - A filter used to define the archive
--   rule.
--   
--   <a>$sel:createdAt:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_createdAt</a> - The time at which the archive
--   rule was created.
--   
--   <a>$sel:updatedAt:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_updatedAt</a> - The time at which the archive
--   rule was last updated.
newArchiveRuleSummary :: Text -> UTCTime -> UTCTime -> ArchiveRuleSummary

-- | The name of the archive rule.
archiveRuleSummary_ruleName :: Lens' ArchiveRuleSummary Text

-- | A filter used to define the archive rule.
archiveRuleSummary_filter :: Lens' ArchiveRuleSummary (HashMap Text Criterion)

-- | The time at which the archive rule was created.
archiveRuleSummary_createdAt :: Lens' ArchiveRuleSummary UTCTime

-- | The time at which the archive rule was last updated.
archiveRuleSummary_updatedAt :: Lens' ArchiveRuleSummary UTCTime
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary.ArchiveRuleSummary
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary.ArchiveRuleSummary
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary.ArchiveRuleSummary
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary.ArchiveRuleSummary
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary.ArchiveRuleSummary
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary.ArchiveRuleSummary
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary.ArchiveRuleSummary


module Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration

-- | The proposed access control configuration for an Amazon EBS volume
--   snapshot. You can propose a configuration for a new Amazon EBS volume
--   snapshot or an Amazon EBS volume snapshot that you own by specifying
--   the user IDs, groups, and optional KMS encryption key. For more
--   information, see <a>ModifySnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newEbsSnapshotConfiguration</a> smart constructor.
data EbsSnapshotConfiguration
EbsSnapshotConfiguration' :: Maybe [Text] -> Maybe Text -> Maybe [Text] -> EbsSnapshotConfiguration

-- | The groups that have access to the Amazon EBS volume snapshot. If the
--   value <tt>all</tt> is specified, then the Amazon EBS volume snapshot
--   is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
[$sel:groups:EbsSnapshotConfiguration'] :: EbsSnapshotConfiguration -> Maybe [Text]

-- | The KMS key identifier for an encrypted Amazon EBS volume snapshot.
--   The KMS key identifier is the key ARN, key ID, alias ARN, or alias
--   name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
[$sel:kmsKeyId:EbsSnapshotConfiguration'] :: EbsSnapshotConfiguration -> Maybe Text

-- | The IDs of the Amazon Web Services accounts that have access to the
--   Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
[$sel:userIds:EbsSnapshotConfiguration'] :: EbsSnapshotConfiguration -> Maybe [Text]

-- | Create a value of <a>EbsSnapshotConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:groups:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_groups</a> - The groups that have access
--   to the Amazon EBS volume snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon EBS volume snapshot is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
--   
--   <a>$sel:kmsKeyId:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_kmsKeyId</a> - The KMS key identifier for
--   an encrypted Amazon EBS volume snapshot. The KMS key identifier is the
--   key ARN, key ID, alias ARN, or alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
--   
--   <a>$sel:userIds:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_userIds</a> - The IDs of the Amazon Web
--   Services accounts that have access to the Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
newEbsSnapshotConfiguration :: EbsSnapshotConfiguration

-- | The groups that have access to the Amazon EBS volume snapshot. If the
--   value <tt>all</tt> is specified, then the Amazon EBS volume snapshot
--   is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
ebsSnapshotConfiguration_groups :: Lens' EbsSnapshotConfiguration (Maybe [Text])

-- | The KMS key identifier for an encrypted Amazon EBS volume snapshot.
--   The KMS key identifier is the key ARN, key ID, alias ARN, or alias
--   name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
ebsSnapshotConfiguration_kmsKeyId :: Lens' EbsSnapshotConfiguration (Maybe Text)

-- | The IDs of the Amazon Web Services accounts that have access to the
--   Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
ebsSnapshotConfiguration_userIds :: Lens' EbsSnapshotConfiguration (Maybe [Text])
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration.EbsSnapshotConfiguration


module Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration

-- | The proposed access control configuration for an Amazon ECR
--   repository. You can propose a configuration for a new Amazon ECR
--   repository or an existing Amazon ECR repository that you own by
--   specifying the Amazon ECR policy. For more information, see
--   <a>Repository</a>.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon ECR repository and
--   you do not specify the Amazon ECR policy, then the access preview uses
--   the existing Amazon ECR policy for the repository.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the policy, then the access preview assumes an Amazon ECR repository
--   without a policy.</li>
--   <li>To propose deletion of an existing Amazon ECR repository policy,
--   you can specify an empty string for the Amazon ECR policy.</li>
--   </ul>
--   
--   <i>See:</i> <a>newEcrRepositoryConfiguration</a> smart constructor.
data EcrRepositoryConfiguration
EcrRepositoryConfiguration' :: Maybe Text -> EcrRepositoryConfiguration

-- | The JSON repository policy text to apply to the Amazon ECR repository.
--   For more information, see <a>Private repository policy examples</a> in
--   the <i>Amazon ECR User Guide</i>.
[$sel:repositoryPolicy:EcrRepositoryConfiguration'] :: EcrRepositoryConfiguration -> Maybe Text

-- | Create a value of <a>EcrRepositoryConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:repositoryPolicy:EcrRepositoryConfiguration'</a>,
--   <a>ecrRepositoryConfiguration_repositoryPolicy</a> - The JSON
--   repository policy text to apply to the Amazon ECR repository. For more
--   information, see <a>Private repository policy examples</a> in the
--   <i>Amazon ECR User Guide</i>.
newEcrRepositoryConfiguration :: EcrRepositoryConfiguration

-- | The JSON repository policy text to apply to the Amazon ECR repository.
--   For more information, see <a>Private repository policy examples</a> in
--   the <i>Amazon ECR User Guide</i>.
ecrRepositoryConfiguration_repositoryPolicy :: Lens' EcrRepositoryConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration.EcrRepositoryConfiguration


module Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration

-- | The proposed access control configuration for an Amazon EFS file
--   system. You can propose a configuration for a new Amazon EFS file
--   system or an existing Amazon EFS file system that you own by
--   specifying the Amazon EFS policy. For more information, see <a>Using
--   file systems in Amazon EFS</a>.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EFS file system and
--   you do not specify the Amazon EFS policy, then the access preview uses
--   the existing Amazon EFS policy for the file system.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the policy, then the access preview assumes an Amazon EFS file system
--   without a policy.</li>
--   <li>To propose deletion of an existing Amazon EFS file system policy,
--   you can specify an empty string for the Amazon EFS policy.</li>
--   </ul>
--   
--   <i>See:</i> <a>newEfsFileSystemConfiguration</a> smart constructor.
data EfsFileSystemConfiguration
EfsFileSystemConfiguration' :: Maybe Text -> EfsFileSystemConfiguration

-- | The JSON policy definition to apply to the Amazon EFS file system. For
--   more information on the elements that make up a file system policy,
--   see <a>Amazon EFS Resource-based policies</a>.
[$sel:fileSystemPolicy:EfsFileSystemConfiguration'] :: EfsFileSystemConfiguration -> Maybe Text

-- | Create a value of <a>EfsFileSystemConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:fileSystemPolicy:EfsFileSystemConfiguration'</a>,
--   <a>efsFileSystemConfiguration_fileSystemPolicy</a> - The JSON policy
--   definition to apply to the Amazon EFS file system. For more
--   information on the elements that make up a file system policy, see
--   <a>Amazon EFS Resource-based policies</a>.
newEfsFileSystemConfiguration :: EfsFileSystemConfiguration

-- | The JSON policy definition to apply to the Amazon EFS file system. For
--   more information on the elements that make up a file system policy,
--   see <a>Amazon EFS Resource-based policies</a>.
efsFileSystemConfiguration_fileSystemPolicy :: Lens' EfsFileSystemConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration.EfsFileSystemConfiguration


module Amazonka.AccessAnalyzer.Types.FindingChangeType
newtype FindingChangeType
FindingChangeType' :: Text -> FindingChangeType
[fromFindingChangeType] :: FindingChangeType -> Text
pattern FindingChangeType_CHANGED :: FindingChangeType
pattern FindingChangeType_NEW :: FindingChangeType
pattern FindingChangeType_UNCHANGED :: FindingChangeType
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.FindingChangeType.FindingChangeType


module Amazonka.AccessAnalyzer.Types.FindingSourceDetail

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
--   
--   <i>See:</i> <a>newFindingSourceDetail</a> smart constructor.
data FindingSourceDetail
FindingSourceDetail' :: Maybe Text -> Maybe Text -> FindingSourceDetail

-- | The account of the cross-account access point that generated the
--   finding.
[$sel:accessPointAccount:FindingSourceDetail'] :: FindingSourceDetail -> Maybe Text

-- | The ARN of the access point that generated the finding. The ARN format
--   depends on whether the ARN represents an access point or a
--   multi-region access point.
[$sel:accessPointArn:FindingSourceDetail'] :: FindingSourceDetail -> Maybe Text

-- | Create a value of <a>FindingSourceDetail</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPointAccount:FindingSourceDetail'</a>,
--   <a>findingSourceDetail_accessPointAccount</a> - The account of the
--   cross-account access point that generated the finding.
--   
--   <a>$sel:accessPointArn:FindingSourceDetail'</a>,
--   <a>findingSourceDetail_accessPointArn</a> - The ARN of the access
--   point that generated the finding. The ARN format depends on whether
--   the ARN represents an access point or a multi-region access point.
newFindingSourceDetail :: FindingSourceDetail

-- | The account of the cross-account access point that generated the
--   finding.
findingSourceDetail_accessPointAccount :: Lens' FindingSourceDetail (Maybe Text)

-- | The ARN of the access point that generated the finding. The ARN format
--   depends on whether the ARN represents an access point or a
--   multi-region access point.
findingSourceDetail_accessPointArn :: Lens' FindingSourceDetail (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.FindingSourceDetail.FindingSourceDetail
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.FindingSourceDetail.FindingSourceDetail
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.FindingSourceDetail.FindingSourceDetail
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.FindingSourceDetail.FindingSourceDetail
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.FindingSourceDetail.FindingSourceDetail
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.FindingSourceDetail.FindingSourceDetail
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.FindingSourceDetail.FindingSourceDetail


module Amazonka.AccessAnalyzer.Types.FindingSourceType
newtype FindingSourceType
FindingSourceType' :: Text -> FindingSourceType
[fromFindingSourceType] :: FindingSourceType -> Text
pattern FindingSourceType_BUCKET_ACL :: FindingSourceType
pattern FindingSourceType_POLICY :: FindingSourceType
pattern FindingSourceType_S3_ACCESS_POINT :: FindingSourceType
pattern FindingSourceType_S3_ACCESS_POINT_ACCOUNT :: FindingSourceType
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.FindingSourceType.FindingSourceType


module Amazonka.AccessAnalyzer.Types.FindingSource

-- | The source of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
--   
--   <i>See:</i> <a>newFindingSource</a> smart constructor.
data FindingSource
FindingSource' :: Maybe FindingSourceDetail -> FindingSourceType -> FindingSource

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
[$sel:detail:FindingSource'] :: FindingSource -> Maybe FindingSourceDetail

-- | Indicates the type of access that generated the finding.
[$sel:type':FindingSource'] :: FindingSource -> FindingSourceType

-- | Create a value of <a>FindingSource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:detail:FindingSource'</a>, <a>findingSource_detail</a> -
--   Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
--   
--   <a>$sel:type':FindingSource'</a>, <a>findingSource_type</a> -
--   Indicates the type of access that generated the finding.
newFindingSource :: FindingSourceType -> FindingSource

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
findingSource_detail :: Lens' FindingSource (Maybe FindingSourceDetail)

-- | Indicates the type of access that generated the finding.
findingSource_type :: Lens' FindingSource FindingSourceType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.FindingSource.FindingSource
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.FindingSource.FindingSource
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.FindingSource.FindingSource
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.FindingSource.FindingSource
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.FindingSource.FindingSource
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.FindingSource.FindingSource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.FindingSource.FindingSource


module Amazonka.AccessAnalyzer.Types.FindingStatus
newtype FindingStatus
FindingStatus' :: Text -> FindingStatus
[fromFindingStatus] :: FindingStatus -> Text
pattern FindingStatus_ACTIVE :: FindingStatus
pattern FindingStatus_ARCHIVED :: FindingStatus
pattern FindingStatus_RESOLVED :: FindingStatus
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.FindingStatus.FindingStatus


module Amazonka.AccessAnalyzer.Types.FindingStatusUpdate
newtype FindingStatusUpdate
FindingStatusUpdate' :: Text -> FindingStatusUpdate
[fromFindingStatusUpdate] :: FindingStatusUpdate -> Text
pattern FindingStatusUpdate_ACTIVE :: FindingStatusUpdate
pattern FindingStatusUpdate_ARCHIVED :: FindingStatusUpdate
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.FindingStatusUpdate.FindingStatusUpdate


module Amazonka.AccessAnalyzer.Types.GeneratedPolicy

-- | Contains the text for the generated policy.
--   
--   <i>See:</i> <a>newGeneratedPolicy</a> smart constructor.
data GeneratedPolicy
GeneratedPolicy' :: Text -> GeneratedPolicy

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
[$sel:policy:GeneratedPolicy'] :: GeneratedPolicy -> Text

-- | Create a value of <a>GeneratedPolicy</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:policy:GeneratedPolicy'</a>, <a>generatedPolicy_policy</a> -
--   The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
newGeneratedPolicy :: Text -> GeneratedPolicy

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
generatedPolicy_policy :: Lens' GeneratedPolicy Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.GeneratedPolicy.GeneratedPolicy
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.GeneratedPolicy.GeneratedPolicy
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.GeneratedPolicy.GeneratedPolicy
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.GeneratedPolicy.GeneratedPolicy
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.GeneratedPolicy.GeneratedPolicy
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.GeneratedPolicy.GeneratedPolicy
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.GeneratedPolicy.GeneratedPolicy


module Amazonka.AccessAnalyzer.Types.IamRoleConfiguration

-- | The proposed access control configuration for an IAM role. You can
--   propose a configuration for a new IAM role or an existing IAM role
--   that you own by specifying the trust policy. If the configuration is
--   for a new IAM role, you must specify the trust policy. If the
--   configuration is for an existing IAM role that you own and you do not
--   propose the trust policy, the access preview uses the existing trust
--   policy for the role. The proposed trust policy cannot be an empty
--   string. For more information about role trust policy limits, see
--   <a>IAM and STS quotas</a>.
--   
--   <i>See:</i> <a>newIamRoleConfiguration</a> smart constructor.
data IamRoleConfiguration
IamRoleConfiguration' :: Maybe Text -> IamRoleConfiguration

-- | The proposed trust policy for the IAM role.
[$sel:trustPolicy:IamRoleConfiguration'] :: IamRoleConfiguration -> Maybe Text

-- | Create a value of <a>IamRoleConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:trustPolicy:IamRoleConfiguration'</a>,
--   <a>iamRoleConfiguration_trustPolicy</a> - The proposed trust policy
--   for the IAM role.
newIamRoleConfiguration :: IamRoleConfiguration

-- | The proposed trust policy for the IAM role.
iamRoleConfiguration_trustPolicy :: Lens' IamRoleConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.IamRoleConfiguration.IamRoleConfiguration


module Amazonka.AccessAnalyzer.Types.InlineArchiveRule

-- | An criterion statement in an archive rule. Each archive rule may have
--   multiple criteria.
--   
--   <i>See:</i> <a>newInlineArchiveRule</a> smart constructor.
data InlineArchiveRule
InlineArchiveRule' :: Text -> HashMap Text Criterion -> InlineArchiveRule

-- | The name of the rule.
[$sel:ruleName:InlineArchiveRule'] :: InlineArchiveRule -> Text

-- | The condition and values for a criterion.
[$sel:filter':InlineArchiveRule'] :: InlineArchiveRule -> HashMap Text Criterion

-- | Create a value of <a>InlineArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ruleName:InlineArchiveRule'</a>,
--   <a>inlineArchiveRule_ruleName</a> - The name of the rule.
--   
--   <a>$sel:filter':InlineArchiveRule'</a>,
--   <a>inlineArchiveRule_filter</a> - The condition and values for a
--   criterion.
newInlineArchiveRule :: Text -> InlineArchiveRule

-- | The name of the rule.
inlineArchiveRule_ruleName :: Lens' InlineArchiveRule Text

-- | The condition and values for a criterion.
inlineArchiveRule_filter :: Lens' InlineArchiveRule (HashMap Text Criterion)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.InlineArchiveRule.InlineArchiveRule
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.InlineArchiveRule.InlineArchiveRule
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.InlineArchiveRule.InlineArchiveRule
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.InlineArchiveRule.InlineArchiveRule
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.InlineArchiveRule.InlineArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.InlineArchiveRule.InlineArchiveRule
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.InlineArchiveRule.InlineArchiveRule


module Amazonka.AccessAnalyzer.Types.InternetConfiguration

-- | This configuration sets the network origin for the Amazon S3 access
--   point or multi-region access point to <tt>Internet</tt>.
--   
--   <i>See:</i> <a>newInternetConfiguration</a> smart constructor.
data InternetConfiguration
InternetConfiguration' :: InternetConfiguration

-- | Create a value of <a>InternetConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newInternetConfiguration :: InternetConfiguration
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.InternetConfiguration.InternetConfiguration


module Amazonka.AccessAnalyzer.Types.JobErrorCode
newtype JobErrorCode
JobErrorCode' :: Text -> JobErrorCode
[fromJobErrorCode] :: JobErrorCode -> Text
pattern JobErrorCode_AUTHORIZATION_ERROR :: JobErrorCode
pattern JobErrorCode_RESOURCE_NOT_FOUND_ERROR :: JobErrorCode
pattern JobErrorCode_SERVICE_ERROR :: JobErrorCode
pattern JobErrorCode_SERVICE_QUOTA_EXCEEDED_ERROR :: JobErrorCode
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.JobErrorCode.JobErrorCode


module Amazonka.AccessAnalyzer.Types.JobError

-- | Contains the details about the policy generation error.
--   
--   <i>See:</i> <a>newJobError</a> smart constructor.
data JobError
JobError' :: JobErrorCode -> Text -> JobError

-- | The job error code.
[$sel:code:JobError'] :: JobError -> JobErrorCode

-- | Specific information about the error. For example, which service quota
--   was exceeded or which resource was not found.
[$sel:message:JobError'] :: JobError -> Text

-- | Create a value of <a>JobError</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:JobError'</a>, <a>jobError_code</a> - The job error code.
--   
--   <a>$sel:message:JobError'</a>, <a>jobError_message</a> - Specific
--   information about the error. For example, which service quota was
--   exceeded or which resource was not found.
newJobError :: JobErrorCode -> Text -> JobError

-- | The job error code.
jobError_code :: Lens' JobError JobErrorCode

-- | Specific information about the error. For example, which service quota
--   was exceeded or which resource was not found.
jobError_message :: Lens' JobError Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.JobError.JobError
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.JobError.JobError
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.JobError.JobError
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.JobError.JobError
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.JobError.JobError
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.JobError.JobError
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.JobError.JobError


module Amazonka.AccessAnalyzer.Types.JobStatus
newtype JobStatus
JobStatus' :: Text -> JobStatus
[fromJobStatus] :: JobStatus -> Text
pattern JobStatus_CANCELED :: JobStatus
pattern JobStatus_FAILED :: JobStatus
pattern JobStatus_IN_PROGRESS :: JobStatus
pattern JobStatus_SUCCEEDED :: JobStatus
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.JobStatus.JobStatus


module Amazonka.AccessAnalyzer.Types.JobDetails

-- | Contains details about the policy generation request.
--   
--   <i>See:</i> <a>newJobDetails</a> smart constructor.
data JobDetails
JobDetails' :: Maybe ISO8601 -> Maybe JobError -> Text -> JobStatus -> ISO8601 -> JobDetails

-- | A timestamp of when the job was completed.
[$sel:completedOn:JobDetails'] :: JobDetails -> Maybe ISO8601

-- | The job error for the policy generation request.
[$sel:jobError:JobDetails'] :: JobDetails -> Maybe JobError

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
[$sel:jobId:JobDetails'] :: JobDetails -> Text

-- | The status of the job request.
[$sel:status:JobDetails'] :: JobDetails -> JobStatus

-- | A timestamp of when the job was started.
[$sel:startedOn:JobDetails'] :: JobDetails -> ISO8601

-- | Create a value of <a>JobDetails</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:completedOn:JobDetails'</a>, <a>jobDetails_completedOn</a> - A
--   timestamp of when the job was completed.
--   
--   <a>$sel:jobError:JobDetails'</a>, <a>jobDetails_jobError</a> - The job
--   error for the policy generation request.
--   
--   <a>$sel:jobId:JobDetails'</a>, <a>jobDetails_jobId</a> - The
--   <tt>JobId</tt> that is returned by the <tt>StartPolicyGeneration</tt>
--   operation. The <tt>JobId</tt> can be used with
--   <tt>GetGeneratedPolicy</tt> to retrieve the generated policies or used
--   with <tt>CancelPolicyGeneration</tt> to cancel the policy generation
--   request.
--   
--   <a>$sel:status:JobDetails'</a>, <a>jobDetails_status</a> - The status
--   of the job request.
--   
--   <a>$sel:startedOn:JobDetails'</a>, <a>jobDetails_startedOn</a> - A
--   timestamp of when the job was started.
newJobDetails :: Text -> JobStatus -> UTCTime -> JobDetails

-- | A timestamp of when the job was completed.
jobDetails_completedOn :: Lens' JobDetails (Maybe UTCTime)

-- | The job error for the policy generation request.
jobDetails_jobError :: Lens' JobDetails (Maybe JobError)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
jobDetails_jobId :: Lens' JobDetails Text

-- | The status of the job request.
jobDetails_status :: Lens' JobDetails JobStatus

-- | A timestamp of when the job was started.
jobDetails_startedOn :: Lens' JobDetails UTCTime
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.JobDetails.JobDetails
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.JobDetails.JobDetails
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.JobDetails.JobDetails
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.JobDetails.JobDetails
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.JobDetails.JobDetails
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.JobDetails.JobDetails
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.JobDetails.JobDetails


module Amazonka.AccessAnalyzer.Types.KmsGrantConstraints

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>. You can specify only one type of encryption
--   context. An empty map is treated as not specified. For more
--   information, see <a>GrantConstraints</a>.
--   
--   <i>See:</i> <a>newKmsGrantConstraints</a> smart constructor.
data KmsGrantConstraints
KmsGrantConstraints' :: Maybe (HashMap Text Text) -> Maybe (HashMap Text Text) -> KmsGrantConstraints

-- | A list of key-value pairs that must match the encryption context in
--   the <a>cryptographic operation</a> request. The grant allows the
--   operation only when the encryption context in the request is the same
--   as the encryption context specified in this constraint.
[$sel:encryptionContextEquals:KmsGrantConstraints'] :: KmsGrantConstraints -> Maybe (HashMap Text Text)

-- | A list of key-value pairs that must be included in the encryption
--   context of the <a>cryptographic operation</a> request. The grant
--   allows the cryptographic operation only when the encryption context in
--   the request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
[$sel:encryptionContextSubset:KmsGrantConstraints'] :: KmsGrantConstraints -> Maybe (HashMap Text Text)

-- | Create a value of <a>KmsGrantConstraints</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:encryptionContextEquals:KmsGrantConstraints'</a>,
--   <a>kmsGrantConstraints_encryptionContextEquals</a> - A list of
--   key-value pairs that must match the encryption context in the
--   <a>cryptographic operation</a> request. The grant allows the operation
--   only when the encryption context in the request is the same as the
--   encryption context specified in this constraint.
--   
--   <a>$sel:encryptionContextSubset:KmsGrantConstraints'</a>,
--   <a>kmsGrantConstraints_encryptionContextSubset</a> - A list of
--   key-value pairs that must be included in the encryption context of the
--   <a>cryptographic operation</a> request. The grant allows the
--   cryptographic operation only when the encryption context in the
--   request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
newKmsGrantConstraints :: KmsGrantConstraints

-- | A list of key-value pairs that must match the encryption context in
--   the <a>cryptographic operation</a> request. The grant allows the
--   operation only when the encryption context in the request is the same
--   as the encryption context specified in this constraint.
kmsGrantConstraints_encryptionContextEquals :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))

-- | A list of key-value pairs that must be included in the encryption
--   context of the <a>cryptographic operation</a> request. The grant
--   allows the cryptographic operation only when the encryption context in
--   the request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
kmsGrantConstraints_encryptionContextSubset :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.KmsGrantConstraints.KmsGrantConstraints


module Amazonka.AccessAnalyzer.Types.KmsGrantOperation
newtype KmsGrantOperation
KmsGrantOperation' :: Text -> KmsGrantOperation
[fromKmsGrantOperation] :: KmsGrantOperation -> Text
pattern KmsGrantOperation_CreateGrant :: KmsGrantOperation
pattern KmsGrantOperation_Decrypt :: KmsGrantOperation
pattern KmsGrantOperation_DescribeKey :: KmsGrantOperation
pattern KmsGrantOperation_Encrypt :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKey :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyPair :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyPairWithoutPlaintext :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyWithoutPlaintext :: KmsGrantOperation
pattern KmsGrantOperation_GetPublicKey :: KmsGrantOperation
pattern KmsGrantOperation_ReEncryptFrom :: KmsGrantOperation
pattern KmsGrantOperation_ReEncryptTo :: KmsGrantOperation
pattern KmsGrantOperation_RetireGrant :: KmsGrantOperation
pattern KmsGrantOperation_Sign :: KmsGrantOperation
pattern KmsGrantOperation_Verify :: KmsGrantOperation
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.KmsGrantOperation.KmsGrantOperation


module Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration

-- | A proposed grant configuration for a KMS key. For more information,
--   see <a>CreateGrant</a>.
--   
--   <i>See:</i> <a>newKmsGrantConfiguration</a> smart constructor.
data KmsGrantConfiguration
KmsGrantConfiguration' :: Maybe KmsGrantConstraints -> Maybe Text -> [KmsGrantOperation] -> Text -> Text -> KmsGrantConfiguration

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>.
[$sel:constraints:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Maybe KmsGrantConstraints

-- | The principal that is given permission to retire the grant by using
--   <a>RetireGrant</a> operation.
[$sel:retiringPrincipal:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Maybe Text

-- | A list of operations that the grant permits.
[$sel:operations:KmsGrantConfiguration'] :: KmsGrantConfiguration -> [KmsGrantOperation]

-- | The principal that is given permission to perform the operations that
--   the grant permits.
[$sel:granteePrincipal:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Text

-- | The Amazon Web Services account under which the grant was issued. The
--   account is used to propose KMS grants issued by accounts other than
--   the owner of the key.
[$sel:issuingAccount:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Text

-- | Create a value of <a>KmsGrantConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:constraints:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_constraints</a> - Use this structure to
--   propose allowing <a>cryptographic operations</a> in the grant only
--   when the operation request includes the specified <a>encryption
--   context</a>.
--   
--   <a>$sel:retiringPrincipal:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_retiringPrincipal</a> - The principal that is
--   given permission to retire the grant by using <a>RetireGrant</a>
--   operation.
--   
--   <a>$sel:operations:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_operations</a> - A list of operations that
--   the grant permits.
--   
--   <a>$sel:granteePrincipal:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_granteePrincipal</a> - The principal that is
--   given permission to perform the operations that the grant permits.
--   
--   <a>$sel:issuingAccount:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_issuingAccount</a> - The Amazon Web Services
--   account under which the grant was issued. The account is used to
--   propose KMS grants issued by accounts other than the owner of the key.
newKmsGrantConfiguration :: Text -> Text -> KmsGrantConfiguration

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>.
kmsGrantConfiguration_constraints :: Lens' KmsGrantConfiguration (Maybe KmsGrantConstraints)

-- | The principal that is given permission to retire the grant by using
--   <a>RetireGrant</a> operation.
kmsGrantConfiguration_retiringPrincipal :: Lens' KmsGrantConfiguration (Maybe Text)

-- | A list of operations that the grant permits.
kmsGrantConfiguration_operations :: Lens' KmsGrantConfiguration [KmsGrantOperation]

-- | The principal that is given permission to perform the operations that
--   the grant permits.
kmsGrantConfiguration_granteePrincipal :: Lens' KmsGrantConfiguration Text

-- | The Amazon Web Services account under which the grant was issued. The
--   account is used to propose KMS grants issued by accounts other than
--   the owner of the key.
kmsGrantConfiguration_issuingAccount :: Lens' KmsGrantConfiguration Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration.KmsGrantConfiguration


module Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration

-- | Proposed access control configuration for a KMS key. You can propose a
--   configuration for a new KMS key or an existing KMS key that you own by
--   specifying the key policy and KMS grant configuration. If the
--   configuration is for an existing key and you do not specify the key
--   policy, the access preview uses the existing policy for the key. If
--   the access preview is for a new resource and you do not specify the
--   key policy, then the access preview uses the default key policy. The
--   proposed key policy cannot be an empty string. For more information,
--   see <a>Default key policy</a>. For more information about key policy
--   limits, see <a>Resource quotas</a>.
--   
--   <i>See:</i> <a>newKmsKeyConfiguration</a> smart constructor.
data KmsKeyConfiguration
KmsKeyConfiguration' :: Maybe [KmsGrantConfiguration] -> Maybe (HashMap Text Text) -> KmsKeyConfiguration

-- | A list of proposed grant configurations for the KMS key. If the
--   proposed grant configuration is for an existing key, the access
--   preview uses the proposed list of grant configurations in place of the
--   existing grants. Otherwise, the access preview uses the existing
--   grants for the key.
[$sel:grants:KmsKeyConfiguration'] :: KmsKeyConfiguration -> Maybe [KmsGrantConfiguration]

-- | Resource policy configuration for the KMS key. The only valid value
--   for the name of the key policy is <tt>default</tt>. For more
--   information, see <a>Default key policy</a>.
[$sel:keyPolicies:KmsKeyConfiguration'] :: KmsKeyConfiguration -> Maybe (HashMap Text Text)

-- | Create a value of <a>KmsKeyConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:grants:KmsKeyConfiguration'</a>,
--   <a>kmsKeyConfiguration_grants</a> - A list of proposed grant
--   configurations for the KMS key. If the proposed grant configuration is
--   for an existing key, the access preview uses the proposed list of
--   grant configurations in place of the existing grants. Otherwise, the
--   access preview uses the existing grants for the key.
--   
--   <a>$sel:keyPolicies:KmsKeyConfiguration'</a>,
--   <a>kmsKeyConfiguration_keyPolicies</a> - Resource policy configuration
--   for the KMS key. The only valid value for the name of the key policy
--   is <tt>default</tt>. For more information, see <a>Default key
--   policy</a>.
newKmsKeyConfiguration :: KmsKeyConfiguration

-- | A list of proposed grant configurations for the KMS key. If the
--   proposed grant configuration is for an existing key, the access
--   preview uses the proposed list of grant configurations in place of the
--   existing grants. Otherwise, the access preview uses the existing
--   grants for the key.
kmsKeyConfiguration_grants :: Lens' KmsKeyConfiguration (Maybe [KmsGrantConfiguration])

-- | Resource policy configuration for the KMS key. The only valid value
--   for the name of the key policy is <tt>default</tt>. For more
--   information, see <a>Default key policy</a>.
kmsKeyConfiguration_keyPolicies :: Lens' KmsKeyConfiguration (Maybe (HashMap Text Text))
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration.KmsKeyConfiguration


module Amazonka.AccessAnalyzer.Types.Locale
newtype Locale
Locale' :: Text -> Locale
[fromLocale] :: Locale -> Text
pattern Locale_DE :: Locale
pattern Locale_EN :: Locale
pattern Locale_ES :: Locale
pattern Locale_FR :: Locale
pattern Locale_IT :: Locale
pattern Locale_JA :: Locale
pattern Locale_KO :: Locale
pattern Locale_PT_BR :: Locale
pattern Locale_ZH_CN :: Locale
pattern Locale_ZH_TW :: Locale
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Locale.Locale
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Locale.Locale
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Locale.Locale
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.Locale.Locale
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Locale.Locale
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Locale.Locale
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Locale.Locale


module Amazonka.AccessAnalyzer.Types.OrderBy
newtype OrderBy
OrderBy' :: Text -> OrderBy
[fromOrderBy] :: OrderBy -> Text
pattern OrderBy_ASC :: OrderBy
pattern OrderBy_DESC :: OrderBy
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.OrderBy.OrderBy


module Amazonka.AccessAnalyzer.Types.PolicyGeneration

-- | Contains details about the policy generation status and properties.
--   
--   <i>See:</i> <a>newPolicyGeneration</a> smart constructor.
data PolicyGeneration
PolicyGeneration' :: Maybe ISO8601 -> Text -> Text -> JobStatus -> ISO8601 -> PolicyGeneration

-- | A timestamp of when the policy generation was completed.
[$sel:completedOn:PolicyGeneration'] :: PolicyGeneration -> Maybe ISO8601

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
[$sel:jobId:PolicyGeneration'] :: PolicyGeneration -> Text

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
[$sel:principalArn:PolicyGeneration'] :: PolicyGeneration -> Text

-- | The status of the policy generation request.
[$sel:status:PolicyGeneration'] :: PolicyGeneration -> JobStatus

-- | A timestamp of when the policy generation started.
[$sel:startedOn:PolicyGeneration'] :: PolicyGeneration -> ISO8601

-- | Create a value of <a>PolicyGeneration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:completedOn:PolicyGeneration'</a>,
--   <a>policyGeneration_completedOn</a> - A timestamp of when the policy
--   generation was completed.
--   
--   <a>$sel:jobId:PolicyGeneration'</a>, <a>policyGeneration_jobId</a> -
--   The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
--   
--   <a>$sel:principalArn:PolicyGeneration'</a>,
--   <a>policyGeneration_principalArn</a> - The ARN of the IAM entity (user
--   or role) for which you are generating a policy.
--   
--   <a>$sel:status:PolicyGeneration'</a>, <a>policyGeneration_status</a> -
--   The status of the policy generation request.
--   
--   <a>$sel:startedOn:PolicyGeneration'</a>,
--   <a>policyGeneration_startedOn</a> - A timestamp of when the policy
--   generation started.
newPolicyGeneration :: Text -> Text -> JobStatus -> UTCTime -> PolicyGeneration

-- | A timestamp of when the policy generation was completed.
policyGeneration_completedOn :: Lens' PolicyGeneration (Maybe UTCTime)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
policyGeneration_jobId :: Lens' PolicyGeneration Text

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
policyGeneration_principalArn :: Lens' PolicyGeneration Text

-- | The status of the policy generation request.
policyGeneration_status :: Lens' PolicyGeneration JobStatus

-- | A timestamp of when the policy generation started.
policyGeneration_startedOn :: Lens' PolicyGeneration UTCTime
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.PolicyGeneration.PolicyGeneration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.PolicyGeneration.PolicyGeneration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.PolicyGeneration.PolicyGeneration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.PolicyGeneration.PolicyGeneration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.PolicyGeneration.PolicyGeneration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.PolicyGeneration.PolicyGeneration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.PolicyGeneration.PolicyGeneration


module Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails

-- | Contains the ARN details about the IAM entity for which the policy is
--   generated.
--   
--   <i>See:</i> <a>newPolicyGenerationDetails</a> smart constructor.
data PolicyGenerationDetails
PolicyGenerationDetails' :: Text -> PolicyGenerationDetails

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
[$sel:principalArn:PolicyGenerationDetails'] :: PolicyGenerationDetails -> Text

-- | Create a value of <a>PolicyGenerationDetails</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:principalArn:PolicyGenerationDetails'</a>,
--   <a>policyGenerationDetails_principalArn</a> - The ARN of the IAM
--   entity (user or role) for which you are generating a policy.
newPolicyGenerationDetails :: Text -> PolicyGenerationDetails

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
policyGenerationDetails_principalArn :: Lens' PolicyGenerationDetails Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails.PolicyGenerationDetails
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails.PolicyGenerationDetails
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails.PolicyGenerationDetails
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails.PolicyGenerationDetails
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails.PolicyGenerationDetails
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails.PolicyGenerationDetails
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails.PolicyGenerationDetails


module Amazonka.AccessAnalyzer.Types.PolicyType
newtype PolicyType
PolicyType' :: Text -> PolicyType
[fromPolicyType] :: PolicyType -> Text
pattern PolicyType_IDENTITY_POLICY :: PolicyType
pattern PolicyType_RESOURCE_POLICY :: PolicyType
pattern PolicyType_SERVICE_CONTROL_POLICY :: PolicyType
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.PolicyType.PolicyType


module Amazonka.AccessAnalyzer.Types.Position

-- | A position in a policy.
--   
--   <i>See:</i> <a>newPosition</a> smart constructor.
data Position
Position' :: Int -> Int -> Int -> Position

-- | The line of the position, starting from 1.
[$sel:line:Position'] :: Position -> Int

-- | The column of the position, starting from 0.
[$sel:column:Position'] :: Position -> Int

-- | The offset within the policy that corresponds to the position,
--   starting from 0.
[$sel:offset:Position'] :: Position -> Int

-- | Create a value of <a>Position</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:line:Position'</a>, <a>position_line</a> - The line of the
--   position, starting from 1.
--   
--   <a>$sel:column:Position'</a>, <a>position_column</a> - The column of
--   the position, starting from 0.
--   
--   <a>$sel:offset:Position'</a>, <a>position_offset</a> - The offset
--   within the policy that corresponds to the position, starting from 0.
newPosition :: Int -> Int -> Int -> Position

-- | The line of the position, starting from 1.
position_line :: Lens' Position Int

-- | The column of the position, starting from 0.
position_column :: Lens' Position Int

-- | The offset within the policy that corresponds to the position,
--   starting from 0.
position_offset :: Lens' Position Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Position.Position
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Position.Position
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Position.Position
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Position.Position
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Position.Position
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Position.Position
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Position.Position


module Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue

-- | The values for a manual Amazon RDS DB cluster snapshot attribute.
--   
--   <i>See:</i> <a>newRdsDbClusterSnapshotAttributeValue</a> smart
--   constructor.
data RdsDbClusterSnapshotAttributeValue
RdsDbClusterSnapshotAttributeValue' :: Maybe [Text] -> RdsDbClusterSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB cluster snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon RDS DB cluster snapshot is public and can
--   be copied or restored by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
[$sel:accountIds:RdsDbClusterSnapshotAttributeValue'] :: RdsDbClusterSnapshotAttributeValue -> Maybe [Text]

-- | Create a value of <a>RdsDbClusterSnapshotAttributeValue</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accountIds:RdsDbClusterSnapshotAttributeValue'</a>,
--   <a>rdsDbClusterSnapshotAttributeValue_accountIds</a> - The Amazon Web
--   Services account IDs that have access to the manual Amazon RDS DB
--   cluster snapshot. If the value <tt>all</tt> is specified, then the
--   Amazon RDS DB cluster snapshot is public and can be copied or restored
--   by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
newRdsDbClusterSnapshotAttributeValue :: RdsDbClusterSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB cluster snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon RDS DB cluster snapshot is public and can
--   be copied or restored by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
rdsDbClusterSnapshotAttributeValue_accountIds :: Lens' RdsDbClusterSnapshotAttributeValue (Maybe [Text])
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue.RdsDbClusterSnapshotAttributeValue


module Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration

-- | The proposed access control configuration for an Amazon RDS DB cluster
--   snapshot. You can propose a configuration for a new Amazon RDS DB
--   cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
--   specifying the <tt>RdsDbClusterSnapshotAttributeValue</tt> and
--   optional KMS encryption key. For more information, see
--   <a>ModifyDBClusterSnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newRdsDbClusterSnapshotConfiguration</a> smart
--   constructor.
data RdsDbClusterSnapshotConfiguration
RdsDbClusterSnapshotConfiguration' :: Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue) -> Maybe Text -> RdsDbClusterSnapshotConfiguration

-- | The names and values of manual DB cluster snapshot attributes. Manual
--   DB cluster snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB cluster snapshot. The only
--   valid value for <tt>AttributeName</tt> for the attribute map is
--   <tt>restore</tt>
[$sel:attributes:RdsDbClusterSnapshotConfiguration'] :: RdsDbClusterSnapshotConfiguration -> Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue)

-- | The KMS key identifier for an encrypted Amazon RDS DB cluster
--   snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or
--   alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
[$sel:kmsKeyId:RdsDbClusterSnapshotConfiguration'] :: RdsDbClusterSnapshotConfiguration -> Maybe Text

-- | Create a value of <a>RdsDbClusterSnapshotConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributes:RdsDbClusterSnapshotConfiguration'</a>,
--   <a>rdsDbClusterSnapshotConfiguration_attributes</a> - The names and
--   values of manual DB cluster snapshot attributes. Manual DB cluster
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB cluster snapshot. The only valid value
--   for <tt>AttributeName</tt> for the attribute map is <tt>restore</tt>
--   
--   <a>$sel:kmsKeyId:RdsDbClusterSnapshotConfiguration'</a>,
--   <a>rdsDbClusterSnapshotConfiguration_kmsKeyId</a> - The KMS key
--   identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS
--   key identifier is the key ARN, key ID, alias ARN, or alias name for
--   the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
newRdsDbClusterSnapshotConfiguration :: RdsDbClusterSnapshotConfiguration

-- | The names and values of manual DB cluster snapshot attributes. Manual
--   DB cluster snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB cluster snapshot. The only
--   valid value for <tt>AttributeName</tt> for the attribute map is
--   <tt>restore</tt>
rdsDbClusterSnapshotConfiguration_attributes :: Lens' RdsDbClusterSnapshotConfiguration (Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue))

-- | The KMS key identifier for an encrypted Amazon RDS DB cluster
--   snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or
--   alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
rdsDbClusterSnapshotConfiguration_kmsKeyId :: Lens' RdsDbClusterSnapshotConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration.RdsDbClusterSnapshotConfiguration


module Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue

-- | The name and values of a manual Amazon RDS DB snapshot attribute.
--   Manual DB snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB snapshot.
--   
--   <i>See:</i> <a>newRdsDbSnapshotAttributeValue</a> smart constructor.
data RdsDbSnapshotAttributeValue
RdsDbSnapshotAttributeValue' :: Maybe [Text] -> RdsDbSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB snapshot. If the value <tt>all</tt> is specified, then
--   the Amazon RDS DB snapshot is public and can be copied or restored by
--   all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
[$sel:accountIds:RdsDbSnapshotAttributeValue'] :: RdsDbSnapshotAttributeValue -> Maybe [Text]

-- | Create a value of <a>RdsDbSnapshotAttributeValue</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accountIds:RdsDbSnapshotAttributeValue'</a>,
--   <a>rdsDbSnapshotAttributeValue_accountIds</a> - The Amazon Web
--   Services account IDs that have access to the manual Amazon RDS DB
--   snapshot. If the value <tt>all</tt> is specified, then the Amazon RDS
--   DB snapshot is public and can be copied or restored by all Amazon Web
--   Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
newRdsDbSnapshotAttributeValue :: RdsDbSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB snapshot. If the value <tt>all</tt> is specified, then
--   the Amazon RDS DB snapshot is public and can be copied or restored by
--   all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
rdsDbSnapshotAttributeValue_accountIds :: Lens' RdsDbSnapshotAttributeValue (Maybe [Text])
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue.RdsDbSnapshotAttributeValue


module Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration

-- | The proposed access control configuration for an Amazon RDS DB
--   snapshot. You can propose a configuration for a new Amazon RDS DB
--   snapshot or an Amazon RDS DB snapshot that you own by specifying the
--   <tt>RdsDbSnapshotAttributeValue</tt> and optional KMS encryption key.
--   For more information, see <a>ModifyDBSnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newRdsDbSnapshotConfiguration</a> smart constructor.
data RdsDbSnapshotConfiguration
RdsDbSnapshotConfiguration' :: Maybe (HashMap Text RdsDbSnapshotAttributeValue) -> Maybe Text -> RdsDbSnapshotConfiguration

-- | The names and values of manual DB snapshot attributes. Manual DB
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB snapshot. The only valid value for
--   <tt>attributeName</tt> for the attribute map is restore.
[$sel:attributes:RdsDbSnapshotConfiguration'] :: RdsDbSnapshotConfiguration -> Maybe (HashMap Text RdsDbSnapshotAttributeValue)

-- | The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
--   KMS key identifier is the key ARN, key ID, alias ARN, or alias name
--   for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
[$sel:kmsKeyId:RdsDbSnapshotConfiguration'] :: RdsDbSnapshotConfiguration -> Maybe Text

-- | Create a value of <a>RdsDbSnapshotConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributes:RdsDbSnapshotConfiguration'</a>,
--   <a>rdsDbSnapshotConfiguration_attributes</a> - The names and values of
--   manual DB snapshot attributes. Manual DB snapshot attributes are used
--   to authorize other Amazon Web Services accounts to restore a manual DB
--   snapshot. The only valid value for <tt>attributeName</tt> for the
--   attribute map is restore.
--   
--   <a>$sel:kmsKeyId:RdsDbSnapshotConfiguration'</a>,
--   <a>rdsDbSnapshotConfiguration_kmsKeyId</a> - The KMS key identifier
--   for an encrypted Amazon RDS DB snapshot. The KMS key identifier is the
--   key ARN, key ID, alias ARN, or alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
newRdsDbSnapshotConfiguration :: RdsDbSnapshotConfiguration

-- | The names and values of manual DB snapshot attributes. Manual DB
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB snapshot. The only valid value for
--   <tt>attributeName</tt> for the attribute map is restore.
rdsDbSnapshotConfiguration_attributes :: Lens' RdsDbSnapshotConfiguration (Maybe (HashMap Text RdsDbSnapshotAttributeValue))

-- | The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
--   KMS key identifier is the key ARN, key ID, alias ARN, or alias name
--   for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
rdsDbSnapshotConfiguration_kmsKeyId :: Lens' RdsDbSnapshotConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration.RdsDbSnapshotConfiguration


module Amazonka.AccessAnalyzer.Types.ReasonCode
newtype ReasonCode
ReasonCode' :: Text -> ReasonCode
[fromReasonCode] :: ReasonCode -> Text
pattern ReasonCode_AWS_SERVICE_ACCESS_DISABLED :: ReasonCode
pattern ReasonCode_DELEGATED_ADMINISTRATOR_DEREGISTERED :: ReasonCode
pattern ReasonCode_ORGANIZATION_DELETED :: ReasonCode
pattern ReasonCode_SERVICE_LINKED_ROLE_CREATION_FAILED :: ReasonCode
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.ReasonCode.ReasonCode


module Amazonka.AccessAnalyzer.Types.ResourceType
newtype ResourceType
ResourceType' :: Text -> ResourceType
[fromResourceType] :: ResourceType -> Text
pattern ResourceType_AWS__EC2__Snapshot :: ResourceType
pattern ResourceType_AWS__ECR__Repository :: ResourceType
pattern ResourceType_AWS__EFS__FileSystem :: ResourceType
pattern ResourceType_AWS__IAM__Role :: ResourceType
pattern ResourceType_AWS__KMS__Key :: ResourceType
pattern ResourceType_AWS__Lambda__Function :: ResourceType
pattern ResourceType_AWS__Lambda__LayerVersion :: ResourceType
pattern ResourceType_AWS__RDS__DBClusterSnapshot :: ResourceType
pattern ResourceType_AWS__RDS__DBSnapshot :: ResourceType
pattern ResourceType_AWS__S3__Bucket :: ResourceType
pattern ResourceType_AWS__SNS__Topic :: ResourceType
pattern ResourceType_AWS__SQS__Queue :: ResourceType
pattern ResourceType_AWS__SecretsManager__Secret :: ResourceType
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.ResourceType.ResourceType


module Amazonka.AccessAnalyzer.Types.FindingSummary

-- | Contains information about a finding.
--   
--   <i>See:</i> <a>newFindingSummary</a> smart constructor.
data FindingSummary
FindingSummary' :: Maybe [Text] -> Maybe Text -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> HashMap Text Text -> ISO8601 -> ISO8601 -> ISO8601 -> FindingStatus -> Text -> FindingSummary

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
[$sel:action:FindingSummary'] :: FindingSummary -> Maybe [Text]

-- | The error that resulted in an Error finding.
[$sel:error:FindingSummary'] :: FindingSummary -> Maybe Text

-- | Indicates whether the finding reports a resource that has a policy
--   that allows public access.
[$sel:isPublic:FindingSummary'] :: FindingSummary -> Maybe Bool

-- | The external principal that has access to a resource within the zone
--   of trust.
[$sel:principal:FindingSummary'] :: FindingSummary -> Maybe (HashMap Text Text)

-- | The resource that the external principal has access to.
[$sel:resource:FindingSummary'] :: FindingSummary -> Maybe Text

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
[$sel:sources:FindingSummary'] :: FindingSummary -> Maybe [FindingSource]

-- | The ID of the finding.
[$sel:id:FindingSummary'] :: FindingSummary -> Text

-- | The type of the resource that the external principal has access to.
[$sel:resourceType:FindingSummary'] :: FindingSummary -> ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
[$sel:condition:FindingSummary'] :: FindingSummary -> HashMap Text Text

-- | The time at which the finding was created.
[$sel:createdAt:FindingSummary'] :: FindingSummary -> ISO8601

-- | The time at which the resource-based policy that generated the finding
--   was analyzed.
[$sel:analyzedAt:FindingSummary'] :: FindingSummary -> ISO8601

-- | The time at which the finding was most recently updated.
[$sel:updatedAt:FindingSummary'] :: FindingSummary -> ISO8601

-- | The status of the finding.
[$sel:status:FindingSummary'] :: FindingSummary -> FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:FindingSummary'] :: FindingSummary -> Text

-- | Create a value of <a>FindingSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:FindingSummary'</a>, <a>findingSummary_action</a> - The
--   action in the analyzed policy statement that an external principal has
--   permission to use.
--   
--   <a>$sel:error:FindingSummary'</a>, <a>findingSummary_error</a> - The
--   error that resulted in an Error finding.
--   
--   <a>$sel:isPublic:FindingSummary'</a>, <a>findingSummary_isPublic</a> -
--   Indicates whether the finding reports a resource that has a policy
--   that allows public access.
--   
--   <a>$sel:principal:FindingSummary'</a>, <a>findingSummary_principal</a>
--   - The external principal that has access to a resource within the zone
--   of trust.
--   
--   <a>$sel:resource:FindingSummary'</a>, <a>findingSummary_resource</a> -
--   The resource that the external principal has access to.
--   
--   <a>$sel:sources:FindingSummary'</a>, <a>findingSummary_sources</a> -
--   The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
--   
--   <a>$sel:id:FindingSummary'</a>, <a>findingSummary_id</a> - The ID of
--   the finding.
--   
--   <a>$sel:resourceType:FindingSummary'</a>,
--   <a>findingSummary_resourceType</a> - The type of the resource that the
--   external principal has access to.
--   
--   <a>$sel:condition:FindingSummary'</a>, <a>findingSummary_condition</a>
--   - The condition in the analyzed policy statement that resulted in a
--   finding.
--   
--   <a>$sel:createdAt:FindingSummary'</a>, <a>findingSummary_createdAt</a>
--   - The time at which the finding was created.
--   
--   <a>$sel:analyzedAt:FindingSummary'</a>,
--   <a>findingSummary_analyzedAt</a> - The time at which the
--   resource-based policy that generated the finding was analyzed.
--   
--   <a>$sel:updatedAt:FindingSummary'</a>, <a>findingSummary_updatedAt</a>
--   - The time at which the finding was most recently updated.
--   
--   <a>$sel:status:FindingSummary'</a>, <a>findingSummary_status</a> - The
--   status of the finding.
--   
--   <a>$sel:resourceOwnerAccount:FindingSummary'</a>,
--   <a>findingSummary_resourceOwnerAccount</a> - The Amazon Web Services
--   account ID that owns the resource.
newFindingSummary :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> FindingStatus -> Text -> FindingSummary

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
findingSummary_action :: Lens' FindingSummary (Maybe [Text])

-- | The error that resulted in an Error finding.
findingSummary_error :: Lens' FindingSummary (Maybe Text)

-- | Indicates whether the finding reports a resource that has a policy
--   that allows public access.
findingSummary_isPublic :: Lens' FindingSummary (Maybe Bool)

-- | The external principal that has access to a resource within the zone
--   of trust.
findingSummary_principal :: Lens' FindingSummary (Maybe (HashMap Text Text))

-- | The resource that the external principal has access to.
findingSummary_resource :: Lens' FindingSummary (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
findingSummary_sources :: Lens' FindingSummary (Maybe [FindingSource])

-- | The ID of the finding.
findingSummary_id :: Lens' FindingSummary Text

-- | The type of the resource that the external principal has access to.
findingSummary_resourceType :: Lens' FindingSummary ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
findingSummary_condition :: Lens' FindingSummary (HashMap Text Text)

-- | The time at which the finding was created.
findingSummary_createdAt :: Lens' FindingSummary UTCTime

-- | The time at which the resource-based policy that generated the finding
--   was analyzed.
findingSummary_analyzedAt :: Lens' FindingSummary UTCTime

-- | The time at which the finding was most recently updated.
findingSummary_updatedAt :: Lens' FindingSummary UTCTime

-- | The status of the finding.
findingSummary_status :: Lens' FindingSummary FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
findingSummary_resourceOwnerAccount :: Lens' FindingSummary Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.FindingSummary.FindingSummary
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.FindingSummary.FindingSummary
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.FindingSummary.FindingSummary
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.FindingSummary.FindingSummary
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.FindingSummary.FindingSummary
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.FindingSummary.FindingSummary
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.FindingSummary.FindingSummary


module Amazonka.AccessAnalyzer.Types.Finding

-- | Contains information about a finding.
--   
--   <i>See:</i> <a>newFinding</a> smart constructor.
data Finding
Finding' :: Maybe [Text] -> Maybe Text -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> HashMap Text Text -> ISO8601 -> ISO8601 -> ISO8601 -> FindingStatus -> Text -> Finding

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
[$sel:action:Finding'] :: Finding -> Maybe [Text]

-- | An error.
[$sel:error:Finding'] :: Finding -> Maybe Text

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
[$sel:isPublic:Finding'] :: Finding -> Maybe Bool

-- | The external principal that access to a resource within the zone of
--   trust.
[$sel:principal:Finding'] :: Finding -> Maybe (HashMap Text Text)

-- | The resource that an external principal has access to.
[$sel:resource:Finding'] :: Finding -> Maybe Text

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
[$sel:sources:Finding'] :: Finding -> Maybe [FindingSource]

-- | The ID of the finding.
[$sel:id:Finding'] :: Finding -> Text

-- | The type of the resource identified in the finding.
[$sel:resourceType:Finding'] :: Finding -> ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
[$sel:condition:Finding'] :: Finding -> HashMap Text Text

-- | The time at which the finding was generated.
[$sel:createdAt:Finding'] :: Finding -> ISO8601

-- | The time at which the resource was analyzed.
[$sel:analyzedAt:Finding'] :: Finding -> ISO8601

-- | The time at which the finding was updated.
[$sel:updatedAt:Finding'] :: Finding -> ISO8601

-- | The current status of the finding.
[$sel:status:Finding'] :: Finding -> FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:Finding'] :: Finding -> Text

-- | Create a value of <a>Finding</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:Finding'</a>, <a>finding_action</a> - The action in the
--   analyzed policy statement that an external principal has permission to
--   use.
--   
--   <a>$sel:error:Finding'</a>, <a>finding_error</a> - An error.
--   
--   <a>$sel:isPublic:Finding'</a>, <a>finding_isPublic</a> - Indicates
--   whether the policy that generated the finding allows public access to
--   the resource.
--   
--   <a>$sel:principal:Finding'</a>, <a>finding_principal</a> - The
--   external principal that access to a resource within the zone of trust.
--   
--   <a>$sel:resource:Finding'</a>, <a>finding_resource</a> - The resource
--   that an external principal has access to.
--   
--   <a>$sel:sources:Finding'</a>, <a>finding_sources</a> - The sources of
--   the finding. This indicates how the access that generated the finding
--   is granted. It is populated for Amazon S3 bucket findings.
--   
--   <a>$sel:id:Finding'</a>, <a>finding_id</a> - The ID of the finding.
--   
--   <a>$sel:resourceType:Finding'</a>, <a>finding_resourceType</a> - The
--   type of the resource identified in the finding.
--   
--   <a>$sel:condition:Finding'</a>, <a>finding_condition</a> - The
--   condition in the analyzed policy statement that resulted in a finding.
--   
--   <a>$sel:createdAt:Finding'</a>, <a>finding_createdAt</a> - The time at
--   which the finding was generated.
--   
--   <a>$sel:analyzedAt:Finding'</a>, <a>finding_analyzedAt</a> - The time
--   at which the resource was analyzed.
--   
--   <a>$sel:updatedAt:Finding'</a>, <a>finding_updatedAt</a> - The time at
--   which the finding was updated.
--   
--   <a>$sel:status:Finding'</a>, <a>finding_status</a> - The current
--   status of the finding.
--   
--   <a>$sel:resourceOwnerAccount:Finding'</a>,
--   <a>finding_resourceOwnerAccount</a> - The Amazon Web Services account
--   ID that owns the resource.
newFinding :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> FindingStatus -> Text -> Finding

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
finding_action :: Lens' Finding (Maybe [Text])

-- | An error.
finding_error :: Lens' Finding (Maybe Text)

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
finding_isPublic :: Lens' Finding (Maybe Bool)

-- | The external principal that access to a resource within the zone of
--   trust.
finding_principal :: Lens' Finding (Maybe (HashMap Text Text))

-- | The resource that an external principal has access to.
finding_resource :: Lens' Finding (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
finding_sources :: Lens' Finding (Maybe [FindingSource])

-- | The ID of the finding.
finding_id :: Lens' Finding Text

-- | The type of the resource identified in the finding.
finding_resourceType :: Lens' Finding ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
finding_condition :: Lens' Finding (HashMap Text Text)

-- | The time at which the finding was generated.
finding_createdAt :: Lens' Finding UTCTime

-- | The time at which the resource was analyzed.
finding_analyzedAt :: Lens' Finding UTCTime

-- | The time at which the finding was updated.
finding_updatedAt :: Lens' Finding UTCTime

-- | The current status of the finding.
finding_status :: Lens' Finding FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
finding_resourceOwnerAccount :: Lens' Finding Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Finding.Finding
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Finding.Finding
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Finding.Finding
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Finding.Finding
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Finding.Finding
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Finding.Finding
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Finding.Finding


module Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary

-- | Contains the ARN of the analyzed resource.
--   
--   <i>See:</i> <a>newAnalyzedResourceSummary</a> smart constructor.
data AnalyzedResourceSummary
AnalyzedResourceSummary' :: Text -> Text -> ResourceType -> AnalyzedResourceSummary

-- | The ARN of the analyzed resource.
[$sel:resourceArn:AnalyzedResourceSummary'] :: AnalyzedResourceSummary -> Text

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:AnalyzedResourceSummary'] :: AnalyzedResourceSummary -> Text

-- | The type of resource that was analyzed.
[$sel:resourceType:AnalyzedResourceSummary'] :: AnalyzedResourceSummary -> ResourceType

-- | Create a value of <a>AnalyzedResourceSummary</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:resourceArn:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceArn</a> - The ARN of the analyzed
--   resource.
--   
--   <a>$sel:resourceOwnerAccount:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource.
--   
--   <a>$sel:resourceType:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceType</a> - The type of resource
--   that was analyzed.
newAnalyzedResourceSummary :: Text -> Text -> ResourceType -> AnalyzedResourceSummary

-- | The ARN of the analyzed resource.
analyzedResourceSummary_resourceArn :: Lens' AnalyzedResourceSummary Text

-- | The Amazon Web Services account ID that owns the resource.
analyzedResourceSummary_resourceOwnerAccount :: Lens' AnalyzedResourceSummary Text

-- | The type of resource that was analyzed.
analyzedResourceSummary_resourceType :: Lens' AnalyzedResourceSummary ResourceType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary.AnalyzedResourceSummary
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary.AnalyzedResourceSummary
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary.AnalyzedResourceSummary
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary.AnalyzedResourceSummary
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary.AnalyzedResourceSummary
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary.AnalyzedResourceSummary
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary.AnalyzedResourceSummary


module Amazonka.AccessAnalyzer.Types.AnalyzedResource

-- | Contains details about the analyzed resource.
--   
--   <i>See:</i> <a>newAnalyzedResource</a> smart constructor.
data AnalyzedResource
AnalyzedResource' :: Maybe [Text] -> Maybe Text -> Maybe [Text] -> Maybe FindingStatus -> Text -> ResourceType -> ISO8601 -> ISO8601 -> ISO8601 -> Bool -> Text -> AnalyzedResource

-- | The actions that an external principal is granted permission to use by
--   the policy that generated the finding.
[$sel:actions:AnalyzedResource'] :: AnalyzedResource -> Maybe [Text]

-- | An error message.
[$sel:error:AnalyzedResource'] :: AnalyzedResource -> Maybe Text

-- | Indicates how the access that generated the finding is granted. This
--   is populated for Amazon S3 bucket findings.
[$sel:sharedVia:AnalyzedResource'] :: AnalyzedResource -> Maybe [Text]

-- | The current status of the finding generated from the analyzed
--   resource.
[$sel:status:AnalyzedResource'] :: AnalyzedResource -> Maybe FindingStatus

-- | The ARN of the resource that was analyzed.
[$sel:resourceArn:AnalyzedResource'] :: AnalyzedResource -> Text

-- | The type of the resource that was analyzed.
[$sel:resourceType:AnalyzedResource'] :: AnalyzedResource -> ResourceType

-- | The time at which the finding was created.
[$sel:createdAt:AnalyzedResource'] :: AnalyzedResource -> ISO8601

-- | The time at which the resource was analyzed.
[$sel:analyzedAt:AnalyzedResource'] :: AnalyzedResource -> ISO8601

-- | The time at which the finding was updated.
[$sel:updatedAt:AnalyzedResource'] :: AnalyzedResource -> ISO8601

-- | Indicates whether the policy that generated the finding grants public
--   access to the resource.
[$sel:isPublic:AnalyzedResource'] :: AnalyzedResource -> Bool

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:AnalyzedResource'] :: AnalyzedResource -> Text

-- | Create a value of <a>AnalyzedResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:actions:AnalyzedResource'</a>, <a>analyzedResource_actions</a>
--   - The actions that an external principal is granted permission to use
--   by the policy that generated the finding.
--   
--   <a>$sel:error:AnalyzedResource'</a>, <a>analyzedResource_error</a> -
--   An error message.
--   
--   <a>$sel:sharedVia:AnalyzedResource'</a>,
--   <a>analyzedResource_sharedVia</a> - Indicates how the access that
--   generated the finding is granted. This is populated for Amazon S3
--   bucket findings.
--   
--   <a>$sel:status:AnalyzedResource'</a>, <a>analyzedResource_status</a> -
--   The current status of the finding generated from the analyzed
--   resource.
--   
--   <a>$sel:resourceArn:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceArn</a> - The ARN of the resource that was
--   analyzed.
--   
--   <a>$sel:resourceType:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceType</a> - The type of the resource that
--   was analyzed.
--   
--   <a>$sel:createdAt:AnalyzedResource'</a>,
--   <a>analyzedResource_createdAt</a> - The time at which the finding was
--   created.
--   
--   <a>$sel:analyzedAt:AnalyzedResource'</a>,
--   <a>analyzedResource_analyzedAt</a> - The time at which the resource
--   was analyzed.
--   
--   <a>$sel:updatedAt:AnalyzedResource'</a>,
--   <a>analyzedResource_updatedAt</a> - The time at which the finding was
--   updated.
--   
--   <a>$sel:isPublic:AnalyzedResource'</a>,
--   <a>analyzedResource_isPublic</a> - Indicates whether the policy that
--   generated the finding grants public access to the resource.
--   
--   <a>$sel:resourceOwnerAccount:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceOwnerAccount</a> - The Amazon Web Services
--   account ID that owns the resource.
newAnalyzedResource :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> Bool -> Text -> AnalyzedResource

-- | The actions that an external principal is granted permission to use by
--   the policy that generated the finding.
analyzedResource_actions :: Lens' AnalyzedResource (Maybe [Text])

-- | An error message.
analyzedResource_error :: Lens' AnalyzedResource (Maybe Text)

-- | Indicates how the access that generated the finding is granted. This
--   is populated for Amazon S3 bucket findings.
analyzedResource_sharedVia :: Lens' AnalyzedResource (Maybe [Text])

-- | The current status of the finding generated from the analyzed
--   resource.
analyzedResource_status :: Lens' AnalyzedResource (Maybe FindingStatus)

-- | The ARN of the resource that was analyzed.
analyzedResource_resourceArn :: Lens' AnalyzedResource Text

-- | The type of the resource that was analyzed.
analyzedResource_resourceType :: Lens' AnalyzedResource ResourceType

-- | The time at which the finding was created.
analyzedResource_createdAt :: Lens' AnalyzedResource UTCTime

-- | The time at which the resource was analyzed.
analyzedResource_analyzedAt :: Lens' AnalyzedResource UTCTime

-- | The time at which the finding was updated.
analyzedResource_updatedAt :: Lens' AnalyzedResource UTCTime

-- | Indicates whether the policy that generated the finding grants public
--   access to the resource.
analyzedResource_isPublic :: Lens' AnalyzedResource Bool

-- | The Amazon Web Services account ID that owns the resource.
analyzedResource_resourceOwnerAccount :: Lens' AnalyzedResource Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AnalyzedResource.AnalyzedResource
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AnalyzedResource.AnalyzedResource
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AnalyzedResource.AnalyzedResource
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AnalyzedResource.AnalyzedResource
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AnalyzedResource.AnalyzedResource
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AnalyzedResource.AnalyzedResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AnalyzedResource.AnalyzedResource


module Amazonka.AccessAnalyzer.Types.AccessPreviewFinding

-- | An access preview finding generated by the access preview.
--   
--   <i>See:</i> <a>newAccessPreviewFinding</a> smart constructor.
data AccessPreviewFinding
AccessPreviewFinding' :: Maybe [Text] -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe Text -> Maybe FindingStatus -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> ISO8601 -> FindingChangeType -> FindingStatus -> Text -> AccessPreviewFinding

-- | The action in the analyzed policy statement that an external principal
--   has permission to perform.
[$sel:action:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe [Text]

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
[$sel:condition:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe (HashMap Text Text)

-- | An error.
[$sel:error:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Text

-- | The existing ID of the finding in IAM Access Analyzer, provided only
--   for existing findings.
[$sel:existingFindingId:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Text

-- | The existing status of the finding, provided only for existing
--   findings.
[$sel:existingFindingStatus:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe FindingStatus

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
[$sel:isPublic:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Bool

-- | The external principal that has access to a resource within the zone
--   of trust.
[$sel:principal:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe (HashMap Text Text)

-- | The resource that an external principal has access to. This is the
--   resource associated with the access preview.
[$sel:resource:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Text

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
[$sel:sources:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe [FindingSource]

-- | The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
[$sel:id:AccessPreviewFinding'] :: AccessPreviewFinding -> Text

-- | The type of the resource that can be accessed in the finding.
[$sel:resourceType:AccessPreviewFinding'] :: AccessPreviewFinding -> ResourceType

-- | The time at which the access preview finding was created.
[$sel:createdAt:AccessPreviewFinding'] :: AccessPreviewFinding -> ISO8601

-- | Provides context on how the access preview finding compares to
--   existing access identified in IAM Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
[$sel:changeType:AccessPreviewFinding'] :: AccessPreviewFinding -> FindingChangeType

-- | The preview status of the finding. This is what the status of the
--   finding would be after permissions deployment. For example, a
--   <tt>Changed</tt> finding with preview status <tt>Resolved</tt> and
--   existing status <tt>Active</tt> indicates the existing <tt>Active</tt>
--   finding would become <tt>Resolved</tt> as a result of the proposed
--   permissions change.
[$sel:status:AccessPreviewFinding'] :: AccessPreviewFinding -> FindingStatus

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
[$sel:resourceOwnerAccount:AccessPreviewFinding'] :: AccessPreviewFinding -> Text

-- | Create a value of <a>AccessPreviewFinding</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_action</a> - The action in the analyzed policy
--   statement that an external principal has permission to perform.
--   
--   <a>$sel:condition:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_condition</a> - The condition in the analyzed
--   policy statement that resulted in a finding.
--   
--   <a>$sel:error:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_error</a> - An error.
--   
--   <a>$sel:existingFindingId:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_existingFindingId</a> - The existing ID of the
--   finding in IAM Access Analyzer, provided only for existing findings.
--   
--   <a>$sel:existingFindingStatus:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_existingFindingStatus</a> - The existing
--   status of the finding, provided only for existing findings.
--   
--   <a>$sel:isPublic:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_isPublic</a> - Indicates whether the policy
--   that generated the finding allows public access to the resource.
--   
--   <a>$sel:principal:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_principal</a> - The external principal that
--   has access to a resource within the zone of trust.
--   
--   <a>$sel:resource:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resource</a> - The resource that an external
--   principal has access to. This is the resource associated with the
--   access preview.
--   
--   <a>$sel:sources:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_sources</a> - The sources of the finding. This
--   indicates how the access that generated the finding is granted. It is
--   populated for Amazon S3 bucket findings.
--   
--   <a>$sel:id:AccessPreviewFinding'</a>, <a>accessPreviewFinding_id</a> -
--   The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
--   
--   <a>$sel:resourceType:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resourceType</a> - The type of the resource
--   that can be accessed in the finding.
--   
--   <a>$sel:createdAt:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_createdAt</a> - The time at which the access
--   preview finding was created.
--   
--   <a>$sel:changeType:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_changeType</a> - Provides context on how the
--   access preview finding compares to existing access identified in IAM
--   Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
--   
--   <a>$sel:status:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_status</a> - The preview status of the
--   finding. This is what the status of the finding would be after
--   permissions deployment. For example, a <tt>Changed</tt> finding with
--   preview status <tt>Resolved</tt> and existing status <tt>Active</tt>
--   indicates the existing <tt>Active</tt> finding would become
--   <tt>Resolved</tt> as a result of the proposed permissions change.
--   
--   <a>$sel:resourceOwnerAccount:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource. For most Amazon Web
--   Services resources, the owning account is the account in which the
--   resource was created.
newAccessPreviewFinding :: Text -> ResourceType -> UTCTime -> FindingChangeType -> FindingStatus -> Text -> AccessPreviewFinding

-- | The action in the analyzed policy statement that an external principal
--   has permission to perform.
accessPreviewFinding_action :: Lens' AccessPreviewFinding (Maybe [Text])

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
accessPreviewFinding_condition :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))

-- | An error.
accessPreviewFinding_error :: Lens' AccessPreviewFinding (Maybe Text)

-- | The existing ID of the finding in IAM Access Analyzer, provided only
--   for existing findings.
accessPreviewFinding_existingFindingId :: Lens' AccessPreviewFinding (Maybe Text)

-- | The existing status of the finding, provided only for existing
--   findings.
accessPreviewFinding_existingFindingStatus :: Lens' AccessPreviewFinding (Maybe FindingStatus)

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
accessPreviewFinding_isPublic :: Lens' AccessPreviewFinding (Maybe Bool)

-- | The external principal that has access to a resource within the zone
--   of trust.
accessPreviewFinding_principal :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))

-- | The resource that an external principal has access to. This is the
--   resource associated with the access preview.
accessPreviewFinding_resource :: Lens' AccessPreviewFinding (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
accessPreviewFinding_sources :: Lens' AccessPreviewFinding (Maybe [FindingSource])

-- | The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
accessPreviewFinding_id :: Lens' AccessPreviewFinding Text

-- | The type of the resource that can be accessed in the finding.
accessPreviewFinding_resourceType :: Lens' AccessPreviewFinding ResourceType

-- | The time at which the access preview finding was created.
accessPreviewFinding_createdAt :: Lens' AccessPreviewFinding UTCTime

-- | Provides context on how the access preview finding compares to
--   existing access identified in IAM Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
accessPreviewFinding_changeType :: Lens' AccessPreviewFinding FindingChangeType

-- | The preview status of the finding. This is what the status of the
--   finding would be after permissions deployment. For example, a
--   <tt>Changed</tt> finding with preview status <tt>Resolved</tt> and
--   existing status <tt>Active</tt> indicates the existing <tt>Active</tt>
--   finding would become <tt>Resolved</tt> as a result of the proposed
--   permissions change.
accessPreviewFinding_status :: Lens' AccessPreviewFinding FindingStatus

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
accessPreviewFinding_resourceOwnerAccount :: Lens' AccessPreviewFinding Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AccessPreviewFinding.AccessPreviewFinding
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AccessPreviewFinding.AccessPreviewFinding
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AccessPreviewFinding.AccessPreviewFinding
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AccessPreviewFinding.AccessPreviewFinding
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AccessPreviewFinding.AccessPreviewFinding
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AccessPreviewFinding.AccessPreviewFinding
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AccessPreviewFinding.AccessPreviewFinding


module Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration

-- | A proposed access control list grant configuration for an Amazon S3
--   bucket. For more information, see <a>How to Specify an ACL</a>.
--   
--   <i>See:</i> <a>newS3BucketAclGrantConfiguration</a> smart constructor.
data S3BucketAclGrantConfiguration
S3BucketAclGrantConfiguration' :: AclPermission -> AclGrantee -> S3BucketAclGrantConfiguration

-- | The permissions being granted.
[$sel:permission:S3BucketAclGrantConfiguration'] :: S3BucketAclGrantConfiguration -> AclPermission

-- | The grantee to whom you’re assigning access rights.
[$sel:grantee:S3BucketAclGrantConfiguration'] :: S3BucketAclGrantConfiguration -> AclGrantee

-- | Create a value of <a>S3BucketAclGrantConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:permission:S3BucketAclGrantConfiguration'</a>,
--   <a>s3BucketAclGrantConfiguration_permission</a> - The permissions
--   being granted.
--   
--   <a>$sel:grantee:S3BucketAclGrantConfiguration'</a>,
--   <a>s3BucketAclGrantConfiguration_grantee</a> - The grantee to whom
--   you’re assigning access rights.
newS3BucketAclGrantConfiguration :: AclPermission -> AclGrantee -> S3BucketAclGrantConfiguration

-- | The permissions being granted.
s3BucketAclGrantConfiguration_permission :: Lens' S3BucketAclGrantConfiguration AclPermission

-- | The grantee to whom you’re assigning access rights.
s3BucketAclGrantConfiguration_grantee :: Lens' S3BucketAclGrantConfiguration AclGrantee
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration.S3BucketAclGrantConfiguration


module Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration

-- | The <tt>PublicAccessBlock</tt> configuration to apply to this Amazon
--   S3 bucket. If the proposed configuration is for an existing Amazon S3
--   bucket and the configuration is not specified, the access preview uses
--   the existing setting. If the proposed configuration is for a new
--   bucket and the configuration is not specified, the access preview uses
--   <tt>false</tt>. If the proposed configuration is for a new access
--   point or multi-region access point and the access point BPA
--   configuration is not specified, the access preview uses <tt>true</tt>.
--   For more information, see <a>PublicAccessBlockConfiguration</a>.
--   
--   <i>See:</i> <a>newS3PublicAccessBlockConfiguration</a> smart
--   constructor.
data S3PublicAccessBlockConfiguration
S3PublicAccessBlockConfiguration' :: Bool -> Bool -> S3PublicAccessBlockConfiguration

-- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
--   and objects in this bucket.
[$sel:ignorePublicAcls:S3PublicAccessBlockConfiguration'] :: S3PublicAccessBlockConfiguration -> Bool

-- | Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
[$sel:restrictPublicBuckets:S3PublicAccessBlockConfiguration'] :: S3PublicAccessBlockConfiguration -> Bool

-- | Create a value of <a>S3PublicAccessBlockConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ignorePublicAcls:S3PublicAccessBlockConfiguration'</a>,
--   <a>s3PublicAccessBlockConfiguration_ignorePublicAcls</a> - Specifies
--   whether Amazon S3 should ignore public ACLs for this bucket and
--   objects in this bucket.
--   
--   <a>$sel:restrictPublicBuckets:S3PublicAccessBlockConfiguration'</a>,
--   <a>s3PublicAccessBlockConfiguration_restrictPublicBuckets</a> -
--   Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
newS3PublicAccessBlockConfiguration :: Bool -> Bool -> S3PublicAccessBlockConfiguration

-- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
--   and objects in this bucket.
s3PublicAccessBlockConfiguration_ignorePublicAcls :: Lens' S3PublicAccessBlockConfiguration Bool

-- | Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
s3PublicAccessBlockConfiguration_restrictPublicBuckets :: Lens' S3PublicAccessBlockConfiguration Bool
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration.S3PublicAccessBlockConfiguration


module Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration

-- | The configuration for a Secrets Manager secret. For more information,
--   see <a>CreateSecret</a>.
--   
--   You can propose a configuration for a new secret or an existing secret
--   that you own by specifying the secret policy and optional KMS
--   encryption key. If the configuration is for an existing secret and you
--   do not specify the secret policy, the access preview uses the existing
--   policy for the secret. If the access preview is for a new resource and
--   you do not specify the policy, the access preview assumes a secret
--   without a policy. To propose deletion of an existing policy, you can
--   specify an empty string. If the proposed configuration is for a new
--   secret and you do not specify the KMS key ID, the access preview uses
--   the Amazon Web Services managed key <tt>aws/secretsmanager</tt>. If
--   you specify an empty string for the KMS key ID, the access preview
--   uses the Amazon Web Services managed key of the Amazon Web Services
--   account. For more information about secret policy limits, see
--   <a>Quotas for Secrets Manager.</a>.
--   
--   <i>See:</i> <a>newSecretsManagerSecretConfiguration</a> smart
--   constructor.
data SecretsManagerSecretConfiguration
SecretsManagerSecretConfiguration' :: Maybe Text -> Maybe Text -> SecretsManagerSecretConfiguration

-- | The proposed ARN, key ID, or alias of the KMS key.
[$sel:kmsKeyId:SecretsManagerSecretConfiguration'] :: SecretsManagerSecretConfiguration -> Maybe Text

-- | The proposed resource policy defining who can access or manage the
--   secret.
[$sel:secretPolicy:SecretsManagerSecretConfiguration'] :: SecretsManagerSecretConfiguration -> Maybe Text

-- | Create a value of <a>SecretsManagerSecretConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:kmsKeyId:SecretsManagerSecretConfiguration'</a>,
--   <a>secretsManagerSecretConfiguration_kmsKeyId</a> - The proposed ARN,
--   key ID, or alias of the KMS key.
--   
--   <a>$sel:secretPolicy:SecretsManagerSecretConfiguration'</a>,
--   <a>secretsManagerSecretConfiguration_secretPolicy</a> - The proposed
--   resource policy defining who can access or manage the secret.
newSecretsManagerSecretConfiguration :: SecretsManagerSecretConfiguration

-- | The proposed ARN, key ID, or alias of the KMS key.
secretsManagerSecretConfiguration_kmsKeyId :: Lens' SecretsManagerSecretConfiguration (Maybe Text)

-- | The proposed resource policy defining who can access or manage the
--   secret.
secretsManagerSecretConfiguration_secretPolicy :: Lens' SecretsManagerSecretConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration.SecretsManagerSecretConfiguration


module Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration

-- | The proposed access control configuration for an Amazon SNS topic. You
--   can propose a configuration for a new Amazon SNS topic or an existing
--   Amazon SNS topic that you own by specifying the policy. If the
--   configuration is for an existing Amazon SNS topic and you do not
--   specify the Amazon SNS policy, then the access preview uses the
--   existing Amazon SNS policy for the topic. If the access preview is for
--   a new resource and you do not specify the policy, then the access
--   preview assumes an Amazon SNS topic without a policy. To propose
--   deletion of an existing Amazon SNS topic policy, you can specify an
--   empty string for the Amazon SNS policy. For more information, see
--   <a>Topic</a>.
--   
--   <i>See:</i> <a>newSnsTopicConfiguration</a> smart constructor.
data SnsTopicConfiguration
SnsTopicConfiguration' :: Maybe Text -> SnsTopicConfiguration

-- | The JSON policy text that defines who can access an Amazon SNS topic.
--   For more information, see <a>Example cases for Amazon SNS access
--   control</a> in the <i>Amazon SNS Developer Guide</i>.
[$sel:topicPolicy:SnsTopicConfiguration'] :: SnsTopicConfiguration -> Maybe Text

-- | Create a value of <a>SnsTopicConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:topicPolicy:SnsTopicConfiguration'</a>,
--   <a>snsTopicConfiguration_topicPolicy</a> - The JSON policy text that
--   defines who can access an Amazon SNS topic. For more information, see
--   <a>Example cases for Amazon SNS access control</a> in the <i>Amazon
--   SNS Developer Guide</i>.
newSnsTopicConfiguration :: SnsTopicConfiguration

-- | The JSON policy text that defines who can access an Amazon SNS topic.
--   For more information, see <a>Example cases for Amazon SNS access
--   control</a> in the <i>Amazon SNS Developer Guide</i>.
snsTopicConfiguration_topicPolicy :: Lens' SnsTopicConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration.SnsTopicConfiguration


module Amazonka.AccessAnalyzer.Types.SortCriteria

-- | The criteria used to sort.
--   
--   <i>See:</i> <a>newSortCriteria</a> smart constructor.
data SortCriteria
SortCriteria' :: Maybe Text -> Maybe OrderBy -> SortCriteria

-- | The name of the attribute to sort on.
[$sel:attributeName:SortCriteria'] :: SortCriteria -> Maybe Text

-- | The sort order, ascending or descending.
[$sel:orderBy:SortCriteria'] :: SortCriteria -> Maybe OrderBy

-- | Create a value of <a>SortCriteria</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributeName:SortCriteria'</a>,
--   <a>sortCriteria_attributeName</a> - The name of the attribute to sort
--   on.
--   
--   <a>$sel:orderBy:SortCriteria'</a>, <a>sortCriteria_orderBy</a> - The
--   sort order, ascending or descending.
newSortCriteria :: SortCriteria

-- | The name of the attribute to sort on.
sortCriteria_attributeName :: Lens' SortCriteria (Maybe Text)

-- | The sort order, ascending or descending.
sortCriteria_orderBy :: Lens' SortCriteria (Maybe OrderBy)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.SortCriteria.SortCriteria
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.SortCriteria.SortCriteria
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.SortCriteria.SortCriteria
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.SortCriteria.SortCriteria
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.SortCriteria.SortCriteria
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.SortCriteria.SortCriteria
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.SortCriteria.SortCriteria


module Amazonka.AccessAnalyzer.Types.Span

-- | A span in a policy. The span consists of a start position (inclusive)
--   and end position (exclusive).
--   
--   <i>See:</i> <a>newSpan</a> smart constructor.
data Span
Span' :: Position -> Position -> Span

-- | The start position of the span (inclusive).
[$sel:start:Span'] :: Span -> Position

-- | The end position of the span (exclusive).
[$sel:end:Span'] :: Span -> Position

-- | Create a value of <a>Span</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:start:Span'</a>, <a>span_start</a> - The start position of the
--   span (inclusive).
--   
--   <a>$sel:end:Span'</a>, <a>span_end</a> - The end position of the span
--   (exclusive).
newSpan :: Position -> Position -> Span

-- | The start position of the span (inclusive).
span_start :: Lens' Span Position

-- | The end position of the span (exclusive).
span_end :: Lens' Span Position
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Span.Span
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Span.Span
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Span.Span
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Span.Span
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Span.Span
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Span.Span
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Span.Span


module Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration

-- | The proposed access control configuration for an Amazon SQS queue. You
--   can propose a configuration for a new Amazon SQS queue or an existing
--   Amazon SQS queue that you own by specifying the Amazon SQS policy. If
--   the configuration is for an existing Amazon SQS queue and you do not
--   specify the Amazon SQS policy, the access preview uses the existing
--   Amazon SQS policy for the queue. If the access preview is for a new
--   resource and you do not specify the policy, the access preview assumes
--   an Amazon SQS queue without a policy. To propose deletion of an
--   existing Amazon SQS queue policy, you can specify an empty string for
--   the Amazon SQS policy. For more information about Amazon SQS policy
--   limits, see <a>Quotas related to policies</a>.
--   
--   <i>See:</i> <a>newSqsQueueConfiguration</a> smart constructor.
data SqsQueueConfiguration
SqsQueueConfiguration' :: Maybe Text -> SqsQueueConfiguration

-- | The proposed resource policy for the Amazon SQS queue.
[$sel:queuePolicy:SqsQueueConfiguration'] :: SqsQueueConfiguration -> Maybe Text

-- | Create a value of <a>SqsQueueConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:queuePolicy:SqsQueueConfiguration'</a>,
--   <a>sqsQueueConfiguration_queuePolicy</a> - The proposed resource
--   policy for the Amazon SQS queue.
newSqsQueueConfiguration :: SqsQueueConfiguration

-- | The proposed resource policy for the Amazon SQS queue.
sqsQueueConfiguration_queuePolicy :: Lens' SqsQueueConfiguration (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration.SqsQueueConfiguration


module Amazonka.AccessAnalyzer.Types.StatusReason

-- | Provides more details about the current status of the analyzer. For
--   example, if the creation for the analyzer fails, a <tt>Failed</tt>
--   status is returned. For an analyzer with organization as the type,
--   this failure can be due to an issue with creating the service-linked
--   roles required in the member accounts of the Amazon Web Services
--   organization.
--   
--   <i>See:</i> <a>newStatusReason</a> smart constructor.
data StatusReason
StatusReason' :: ReasonCode -> StatusReason

-- | The reason code for the current status of the analyzer.
[$sel:code:StatusReason'] :: StatusReason -> ReasonCode

-- | Create a value of <a>StatusReason</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:StatusReason'</a>, <a>statusReason_code</a> - The reason
--   code for the current status of the analyzer.
newStatusReason :: ReasonCode -> StatusReason

-- | The reason code for the current status of the analyzer.
statusReason_code :: Lens' StatusReason ReasonCode
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.StatusReason.StatusReason
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.StatusReason.StatusReason
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.StatusReason.StatusReason
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.StatusReason.StatusReason
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.StatusReason.StatusReason
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.StatusReason.StatusReason
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.StatusReason.StatusReason


module Amazonka.AccessAnalyzer.Types.Substring

-- | A reference to a substring of a literal string in a JSON document.
--   
--   <i>See:</i> <a>newSubstring</a> smart constructor.
data Substring
Substring' :: Int -> Int -> Substring

-- | The start index of the substring, starting from 0.
[$sel:start:Substring'] :: Substring -> Int

-- | The length of the substring.
[$sel:length:Substring'] :: Substring -> Int

-- | Create a value of <a>Substring</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:start:Substring'</a>, <a>substring_start</a> - The start index
--   of the substring, starting from 0.
--   
--   <a>$sel:length:Substring'</a>, <a>substring_length</a> - The length of
--   the substring.
newSubstring :: Int -> Int -> Substring

-- | The start index of the substring, starting from 0.
substring_start :: Lens' Substring Int

-- | The length of the substring.
substring_length :: Lens' Substring Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Substring.Substring
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Substring.Substring
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Substring.Substring
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Substring.Substring
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Substring.Substring
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Substring.Substring
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Substring.Substring


module Amazonka.AccessAnalyzer.Types.PathElement

-- | A single element in a path through the JSON representation of a
--   policy.
--   
--   <i>See:</i> <a>newPathElement</a> smart constructor.
data PathElement
PathElement' :: Maybe Int -> Maybe Text -> Maybe Substring -> Maybe Text -> PathElement

-- | Refers to an index in a JSON array.
[$sel:index:PathElement'] :: PathElement -> Maybe Int

-- | Refers to a key in a JSON object.
[$sel:key:PathElement'] :: PathElement -> Maybe Text

-- | Refers to a substring of a literal string in a JSON object.
[$sel:substring:PathElement'] :: PathElement -> Maybe Substring

-- | Refers to the value associated with a given key in a JSON object.
[$sel:value:PathElement'] :: PathElement -> Maybe Text

-- | Create a value of <a>PathElement</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:index:PathElement'</a>, <a>pathElement_index</a> - Refers to
--   an index in a JSON array.
--   
--   <a>$sel:key:PathElement'</a>, <a>pathElement_key</a> - Refers to a key
--   in a JSON object.
--   
--   <a>$sel:substring:PathElement'</a>, <a>pathElement_substring</a> -
--   Refers to a substring of a literal string in a JSON object.
--   
--   <a>$sel:value:PathElement'</a>, <a>pathElement_value</a> - Refers to
--   the value associated with a given key in a JSON object.
newPathElement :: PathElement

-- | Refers to an index in a JSON array.
pathElement_index :: Lens' PathElement (Maybe Int)

-- | Refers to a key in a JSON object.
pathElement_key :: Lens' PathElement (Maybe Text)

-- | Refers to a substring of a literal string in a JSON object.
pathElement_substring :: Lens' PathElement (Maybe Substring)

-- | Refers to the value associated with a given key in a JSON object.
pathElement_value :: Lens' PathElement (Maybe Text)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.PathElement.PathElement
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.PathElement.PathElement
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.PathElement.PathElement
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.PathElement.PathElement
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.PathElement.PathElement
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.PathElement.PathElement
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.PathElement.PathElement


module Amazonka.AccessAnalyzer.Types.Location

-- | A location in a policy that is represented as a path through the JSON
--   representation and a corresponding span.
--   
--   <i>See:</i> <a>newLocation</a> smart constructor.
data Location
Location' :: [PathElement] -> Span -> Location

-- | A path in a policy, represented as a sequence of path elements.
[$sel:path:Location'] :: Location -> [PathElement]

-- | A span in a policy.
[$sel:span:Location'] :: Location -> Span

-- | Create a value of <a>Location</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:path:Location'</a>, <a>location_path</a> - A path in a policy,
--   represented as a sequence of path elements.
--   
--   <a>$sel:span:Location'</a>, <a>location_span</a> - A span in a policy.
newLocation :: Span -> Location

-- | A path in a policy, represented as a sequence of path elements.
location_path :: Lens' Location [PathElement]

-- | A span in a policy.
location_span :: Lens' Location Span
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Location.Location
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Location.Location
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Location.Location
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Location.Location
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Location.Location
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Location.Location
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Location.Location


module Amazonka.AccessAnalyzer.Types.Trail

-- | Contains details about the CloudTrail trail being analyzed to generate
--   a policy.
--   
--   <i>See:</i> <a>newTrail</a> smart constructor.
data Trail
Trail' :: Maybe Bool -> Maybe [Text] -> Text -> Trail

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
[$sel:allRegions:Trail'] :: Trail -> Maybe Bool

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
[$sel:regions:Trail'] :: Trail -> Maybe [Text]

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
[$sel:cloudTrailArn:Trail'] :: Trail -> Text

-- | Create a value of <a>Trail</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:allRegions:Trail'</a>, <a>trail_allRegions</a> - Possible
--   values are <tt>true</tt> or <tt>false</tt>. If set to <tt>true</tt>,
--   IAM Access Analyzer retrieves CloudTrail data from all regions to
--   analyze and generate a policy.
--   
--   <a>$sel:regions:Trail'</a>, <a>trail_regions</a> - A list of regions
--   to get CloudTrail data from and analyze to generate a policy.
--   
--   <a>$sel:cloudTrailArn:Trail'</a>, <a>trail_cloudTrailArn</a> -
--   Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
newTrail :: Text -> Trail

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
trail_allRegions :: Lens' Trail (Maybe Bool)

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
trail_regions :: Lens' Trail (Maybe [Text])

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
trail_cloudTrailArn :: Lens' Trail Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Trail.Trail
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Trail.Trail
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Trail.Trail
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Trail.Trail
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Trail.Trail
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Trail.Trail
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.Trail.Trail


module Amazonka.AccessAnalyzer.Types.CloudTrailDetails

-- | Contains information about CloudTrail access.
--   
--   <i>See:</i> <a>newCloudTrailDetails</a> smart constructor.
data CloudTrailDetails
CloudTrailDetails' :: Maybe ISO8601 -> [Trail] -> Text -> ISO8601 -> CloudTrailDetails

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
[$sel:endTime:CloudTrailDetails'] :: CloudTrailDetails -> Maybe ISO8601

-- | A <tt>Trail</tt> object that contains settings for a trail.
[$sel:trails:CloudTrailDetails'] :: CloudTrailDetails -> [Trail]

-- | The ARN of the service role that IAM Access Analyzer uses to access
--   your CloudTrail trail and service last accessed information.
[$sel:accessRole:CloudTrailDetails'] :: CloudTrailDetails -> Text

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
[$sel:startTime:CloudTrailDetails'] :: CloudTrailDetails -> ISO8601

-- | Create a value of <a>CloudTrailDetails</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:endTime:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_endTime</a> - The end of the time range for which
--   IAM Access Analyzer reviews your CloudTrail events. Events with a
--   timestamp after this time are not considered to generate a policy. If
--   this is not included in the request, the default value is the current
--   time.
--   
--   <a>$sel:trails:CloudTrailDetails'</a>, <a>cloudTrailDetails_trails</a>
--   - A <tt>Trail</tt> object that contains settings for a trail.
--   
--   <a>$sel:accessRole:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_accessRole</a> - The ARN of the service role that
--   IAM Access Analyzer uses to access your CloudTrail trail and service
--   last accessed information.
--   
--   <a>$sel:startTime:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_startTime</a> - The start of the time range for
--   which IAM Access Analyzer reviews your CloudTrail events. Events with
--   a timestamp before this time are not considered to generate a policy.
newCloudTrailDetails :: Text -> UTCTime -> CloudTrailDetails

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
cloudTrailDetails_endTime :: Lens' CloudTrailDetails (Maybe UTCTime)

-- | A <tt>Trail</tt> object that contains settings for a trail.
cloudTrailDetails_trails :: Lens' CloudTrailDetails [Trail]

-- | The ARN of the service role that IAM Access Analyzer uses to access
--   your CloudTrail trail and service last accessed information.
cloudTrailDetails_accessRole :: Lens' CloudTrailDetails Text

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
cloudTrailDetails_startTime :: Lens' CloudTrailDetails UTCTime
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.CloudTrailDetails.CloudTrailDetails
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.CloudTrailDetails.CloudTrailDetails
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.CloudTrailDetails.CloudTrailDetails
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.CloudTrailDetails.CloudTrailDetails
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.CloudTrailDetails.CloudTrailDetails
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.CloudTrailDetails.CloudTrailDetails
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.CloudTrailDetails.CloudTrailDetails


module Amazonka.AccessAnalyzer.Types.TrailProperties

-- | Contains details about the CloudTrail trail being analyzed to generate
--   a policy.
--   
--   <i>See:</i> <a>newTrailProperties</a> smart constructor.
data TrailProperties
TrailProperties' :: Maybe Bool -> Maybe [Text] -> Text -> TrailProperties

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
[$sel:allRegions:TrailProperties'] :: TrailProperties -> Maybe Bool

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
[$sel:regions:TrailProperties'] :: TrailProperties -> Maybe [Text]

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
[$sel:cloudTrailArn:TrailProperties'] :: TrailProperties -> Text

-- | Create a value of <a>TrailProperties</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:allRegions:TrailProperties'</a>,
--   <a>trailProperties_allRegions</a> - Possible values are <tt>true</tt>
--   or <tt>false</tt>. If set to <tt>true</tt>, IAM Access Analyzer
--   retrieves CloudTrail data from all regions to analyze and generate a
--   policy.
--   
--   <a>$sel:regions:TrailProperties'</a>, <a>trailProperties_regions</a> -
--   A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
--   
--   <a>$sel:cloudTrailArn:TrailProperties'</a>,
--   <a>trailProperties_cloudTrailArn</a> - Specifies the ARN of the trail.
--   The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
newTrailProperties :: Text -> TrailProperties

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
trailProperties_allRegions :: Lens' TrailProperties (Maybe Bool)

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
trailProperties_regions :: Lens' TrailProperties (Maybe [Text])

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
trailProperties_cloudTrailArn :: Lens' TrailProperties Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.TrailProperties.TrailProperties
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.TrailProperties.TrailProperties
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.TrailProperties.TrailProperties
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.TrailProperties.TrailProperties
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.TrailProperties.TrailProperties
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.TrailProperties.TrailProperties
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.TrailProperties.TrailProperties


module Amazonka.AccessAnalyzer.Types.CloudTrailProperties

-- | Contains information about CloudTrail access.
--   
--   <i>See:</i> <a>newCloudTrailProperties</a> smart constructor.
data CloudTrailProperties
CloudTrailProperties' :: [TrailProperties] -> ISO8601 -> ISO8601 -> CloudTrailProperties

-- | A <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
[$sel:trailProperties:CloudTrailProperties'] :: CloudTrailProperties -> [TrailProperties]

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
[$sel:startTime:CloudTrailProperties'] :: CloudTrailProperties -> ISO8601

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
[$sel:endTime:CloudTrailProperties'] :: CloudTrailProperties -> ISO8601

-- | Create a value of <a>CloudTrailProperties</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:trailProperties:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_trailProperties</a> - A
--   <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
--   
--   <a>$sel:startTime:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_startTime</a> - The start of the time range
--   for which IAM Access Analyzer reviews your CloudTrail events. Events
--   with a timestamp before this time are not considered to generate a
--   policy.
--   
--   <a>$sel:endTime:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_endTime</a> - The end of the time range for
--   which IAM Access Analyzer reviews your CloudTrail events. Events with
--   a timestamp after this time are not considered to generate a policy.
--   If this is not included in the request, the default value is the
--   current time.
newCloudTrailProperties :: UTCTime -> UTCTime -> CloudTrailProperties

-- | A <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
cloudTrailProperties_trailProperties :: Lens' CloudTrailProperties [TrailProperties]

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
cloudTrailProperties_startTime :: Lens' CloudTrailProperties UTCTime

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
cloudTrailProperties_endTime :: Lens' CloudTrailProperties UTCTime
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.CloudTrailProperties.CloudTrailProperties
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.CloudTrailProperties.CloudTrailProperties
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.CloudTrailProperties.CloudTrailProperties
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.CloudTrailProperties.CloudTrailProperties
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.CloudTrailProperties.CloudTrailProperties
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.CloudTrailProperties.CloudTrailProperties
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.CloudTrailProperties.CloudTrailProperties


module Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties

-- | Contains the generated policy details.
--   
--   <i>See:</i> <a>newGeneratedPolicyProperties</a> smart constructor.
data GeneratedPolicyProperties
GeneratedPolicyProperties' :: Maybe CloudTrailProperties -> Maybe Bool -> Text -> GeneratedPolicyProperties

-- | Lists details about the <tt>Trail</tt> used to generated policy.
[$sel:cloudTrailProperties:GeneratedPolicyProperties'] :: GeneratedPolicyProperties -> Maybe CloudTrailProperties

-- | This value is set to <tt>true</tt> if the generated policy contains
--   all possible actions for a service that IAM Access Analyzer identified
--   from the CloudTrail trail that you specified, and <tt>false</tt>
--   otherwise.
[$sel:isComplete:GeneratedPolicyProperties'] :: GeneratedPolicyProperties -> Maybe Bool

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
[$sel:principalArn:GeneratedPolicyProperties'] :: GeneratedPolicyProperties -> Text

-- | Create a value of <a>GeneratedPolicyProperties</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:cloudTrailProperties:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_cloudTrailProperties</a> - Lists details
--   about the <tt>Trail</tt> used to generated policy.
--   
--   <a>$sel:isComplete:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_isComplete</a> - This value is set to
--   <tt>true</tt> if the generated policy contains all possible actions
--   for a service that IAM Access Analyzer identified from the CloudTrail
--   trail that you specified, and <tt>false</tt> otherwise.
--   
--   <a>$sel:principalArn:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_principalArn</a> - The ARN of the IAM
--   entity (user or role) for which you are generating a policy.
newGeneratedPolicyProperties :: Text -> GeneratedPolicyProperties

-- | Lists details about the <tt>Trail</tt> used to generated policy.
generatedPolicyProperties_cloudTrailProperties :: Lens' GeneratedPolicyProperties (Maybe CloudTrailProperties)

-- | This value is set to <tt>true</tt> if the generated policy contains
--   all possible actions for a service that IAM Access Analyzer identified
--   from the CloudTrail trail that you specified, and <tt>false</tt>
--   otherwise.
generatedPolicyProperties_isComplete :: Lens' GeneratedPolicyProperties (Maybe Bool)

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
generatedPolicyProperties_principalArn :: Lens' GeneratedPolicyProperties Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties.GeneratedPolicyProperties
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties.GeneratedPolicyProperties
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties.GeneratedPolicyProperties
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties.GeneratedPolicyProperties
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties.GeneratedPolicyProperties
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties.GeneratedPolicyProperties
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties.GeneratedPolicyProperties


module Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult

-- | Contains the text for the generated policy and its details.
--   
--   <i>See:</i> <a>newGeneratedPolicyResult</a> smart constructor.
data GeneratedPolicyResult
GeneratedPolicyResult' :: Maybe [GeneratedPolicy] -> GeneratedPolicyProperties -> GeneratedPolicyResult

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
[$sel:generatedPolicies:GeneratedPolicyResult'] :: GeneratedPolicyResult -> Maybe [GeneratedPolicy]

-- | A <tt>GeneratedPolicyProperties</tt> object that contains properties
--   of the generated policy.
[$sel:properties:GeneratedPolicyResult'] :: GeneratedPolicyResult -> GeneratedPolicyProperties

-- | Create a value of <a>GeneratedPolicyResult</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:generatedPolicies:GeneratedPolicyResult'</a>,
--   <a>generatedPolicyResult_generatedPolicies</a> - The text to use as
--   the content for the new policy. The policy is created using the
--   <a>CreatePolicy</a> action.
--   
--   <a>$sel:properties:GeneratedPolicyResult'</a>,
--   <a>generatedPolicyResult_properties</a> - A
--   <tt>GeneratedPolicyProperties</tt> object that contains properties of
--   the generated policy.
newGeneratedPolicyResult :: GeneratedPolicyProperties -> GeneratedPolicyResult

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
generatedPolicyResult_generatedPolicies :: Lens' GeneratedPolicyResult (Maybe [GeneratedPolicy])

-- | A <tt>GeneratedPolicyProperties</tt> object that contains properties
--   of the generated policy.
generatedPolicyResult_properties :: Lens' GeneratedPolicyResult GeneratedPolicyProperties
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult.GeneratedPolicyResult
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult.GeneratedPolicyResult
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult.GeneratedPolicyResult
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult.GeneratedPolicyResult
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult.GeneratedPolicyResult
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult.GeneratedPolicyResult
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult.GeneratedPolicyResult


module Amazonka.AccessAnalyzer.Types.Type
newtype Type
Type' :: Text -> Type
[fromType] :: Type -> Text
pattern Type_ACCOUNT :: Type
pattern Type_ORGANIZATION :: Type
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.Type.Type
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.Type.Type
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.Type.Type
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.Type.Type
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.Type.Type
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Type.Type
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.Type.Type
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.Type.Type
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.Type.Type
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.Type.Type
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.Type.Type
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.Type.Type
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Type.Type
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Type.Type
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Type.Type
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.Type.Type
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Type.Type
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Type.Type
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Type.Type


module Amazonka.AccessAnalyzer.Types.AnalyzerSummary

-- | Contains information about the analyzer.
--   
--   <i>See:</i> <a>newAnalyzerSummary</a> smart constructor.
data AnalyzerSummary
AnalyzerSummary' :: Maybe Text -> Maybe ISO8601 -> Maybe StatusReason -> Maybe (HashMap Text Text) -> Text -> Text -> Type -> ISO8601 -> AnalyzerStatus -> AnalyzerSummary

-- | The resource that was most recently analyzed by the analyzer.
[$sel:lastResourceAnalyzed:AnalyzerSummary'] :: AnalyzerSummary -> Maybe Text

-- | The time at which the most recently analyzed resource was analyzed.
[$sel:lastResourceAnalyzedAt:AnalyzerSummary'] :: AnalyzerSummary -> Maybe ISO8601

-- | The <tt>statusReason</tt> provides more details about the current
--   status of the analyzer. For example, if the creation for the analyzer
--   fails, a <tt>Failed</tt> status is returned. For an analyzer with
--   organization as the type, this failure can be due to an issue with
--   creating the service-linked roles required in the member accounts of
--   the Amazon Web Services organization.
[$sel:statusReason:AnalyzerSummary'] :: AnalyzerSummary -> Maybe StatusReason

-- | The tags added to the analyzer.
[$sel:tags:AnalyzerSummary'] :: AnalyzerSummary -> Maybe (HashMap Text Text)

-- | The ARN of the analyzer.
[$sel:arn:AnalyzerSummary'] :: AnalyzerSummary -> Text

-- | The name of the analyzer.
[$sel:name:AnalyzerSummary'] :: AnalyzerSummary -> Text

-- | The type of analyzer, which corresponds to the zone of trust chosen
--   for the analyzer.
[$sel:type':AnalyzerSummary'] :: AnalyzerSummary -> Type

-- | A timestamp for the time at which the analyzer was created.
[$sel:createdAt:AnalyzerSummary'] :: AnalyzerSummary -> ISO8601

-- | The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
[$sel:status:AnalyzerSummary'] :: AnalyzerSummary -> AnalyzerStatus

-- | Create a value of <a>AnalyzerSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:lastResourceAnalyzed:AnalyzerSummary'</a>,
--   <a>analyzerSummary_lastResourceAnalyzed</a> - The resource that was
--   most recently analyzed by the analyzer.
--   
--   <a>$sel:lastResourceAnalyzedAt:AnalyzerSummary'</a>,
--   <a>analyzerSummary_lastResourceAnalyzedAt</a> - The time at which the
--   most recently analyzed resource was analyzed.
--   
--   <a>$sel:statusReason:AnalyzerSummary'</a>,
--   <a>analyzerSummary_statusReason</a> - The <tt>statusReason</tt>
--   provides more details about the current status of the analyzer. For
--   example, if the creation for the analyzer fails, a <tt>Failed</tt>
--   status is returned. For an analyzer with organization as the type,
--   this failure can be due to an issue with creating the service-linked
--   roles required in the member accounts of the Amazon Web Services
--   organization.
--   
--   <a>$sel:tags:AnalyzerSummary'</a>, <a>analyzerSummary_tags</a> - The
--   tags added to the analyzer.
--   
--   <a>$sel:arn:AnalyzerSummary'</a>, <a>analyzerSummary_arn</a> - The ARN
--   of the analyzer.
--   
--   <a>$sel:name:AnalyzerSummary'</a>, <a>analyzerSummary_name</a> - The
--   name of the analyzer.
--   
--   <a>$sel:type':AnalyzerSummary'</a>, <a>analyzerSummary_type</a> - The
--   type of analyzer, which corresponds to the zone of trust chosen for
--   the analyzer.
--   
--   <a>$sel:createdAt:AnalyzerSummary'</a>,
--   <a>analyzerSummary_createdAt</a> - A timestamp for the time at which
--   the analyzer was created.
--   
--   <a>$sel:status:AnalyzerSummary'</a>, <a>analyzerSummary_status</a> -
--   The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
newAnalyzerSummary :: Text -> Text -> Type -> UTCTime -> AnalyzerStatus -> AnalyzerSummary

-- | The resource that was most recently analyzed by the analyzer.
analyzerSummary_lastResourceAnalyzed :: Lens' AnalyzerSummary (Maybe Text)

-- | The time at which the most recently analyzed resource was analyzed.
analyzerSummary_lastResourceAnalyzedAt :: Lens' AnalyzerSummary (Maybe UTCTime)

-- | The <tt>statusReason</tt> provides more details about the current
--   status of the analyzer. For example, if the creation for the analyzer
--   fails, a <tt>Failed</tt> status is returned. For an analyzer with
--   organization as the type, this failure can be due to an issue with
--   creating the service-linked roles required in the member accounts of
--   the Amazon Web Services organization.
analyzerSummary_statusReason :: Lens' AnalyzerSummary (Maybe StatusReason)

-- | The tags added to the analyzer.
analyzerSummary_tags :: Lens' AnalyzerSummary (Maybe (HashMap Text Text))

-- | The ARN of the analyzer.
analyzerSummary_arn :: Lens' AnalyzerSummary Text

-- | The name of the analyzer.
analyzerSummary_name :: Lens' AnalyzerSummary Text

-- | The type of analyzer, which corresponds to the zone of trust chosen
--   for the analyzer.
analyzerSummary_type :: Lens' AnalyzerSummary Type

-- | A timestamp for the time at which the analyzer was created.
analyzerSummary_createdAt :: Lens' AnalyzerSummary UTCTime

-- | The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
analyzerSummary_status :: Lens' AnalyzerSummary AnalyzerStatus
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AnalyzerSummary.AnalyzerSummary
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AnalyzerSummary.AnalyzerSummary
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AnalyzerSummary.AnalyzerSummary
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AnalyzerSummary.AnalyzerSummary
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AnalyzerSummary.AnalyzerSummary
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AnalyzerSummary.AnalyzerSummary
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AnalyzerSummary.AnalyzerSummary


module Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType
newtype ValidatePolicyFindingType
ValidatePolicyFindingType' :: Text -> ValidatePolicyFindingType
[fromValidatePolicyFindingType] :: ValidatePolicyFindingType -> Text
pattern ValidatePolicyFindingType_ERROR :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_SECURITY_WARNING :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_SUGGESTION :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_WARNING :: ValidatePolicyFindingType
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType.ValidatePolicyFindingType


module Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding

-- | A finding in a policy. Each finding is an actionable recommendation
--   that can be used to improve the policy.
--   
--   <i>See:</i> <a>newValidatePolicyFinding</a> smart constructor.
data ValidatePolicyFinding
ValidatePolicyFinding' :: Text -> ValidatePolicyFindingType -> Text -> Text -> [Location] -> ValidatePolicyFinding

-- | A localized message that explains the finding and provides guidance on
--   how to address it.
[$sel:findingDetails:ValidatePolicyFinding'] :: ValidatePolicyFinding -> Text

-- | The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
[$sel:findingType:ValidatePolicyFinding'] :: ValidatePolicyFinding -> ValidatePolicyFindingType

-- | The issue code provides an identifier of the issue associated with
--   this finding.
[$sel:issueCode:ValidatePolicyFinding'] :: ValidatePolicyFinding -> Text

-- | A link to additional documentation about the type of finding.
[$sel:learnMoreLink:ValidatePolicyFinding'] :: ValidatePolicyFinding -> Text

-- | The list of locations in the policy document that are related to the
--   finding. The issue code provides a summary of an issue identified by
--   the finding.
[$sel:locations:ValidatePolicyFinding'] :: ValidatePolicyFinding -> [Location]

-- | Create a value of <a>ValidatePolicyFinding</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:findingDetails:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_findingDetails</a> - A localized message that
--   explains the finding and provides guidance on how to address it.
--   
--   <a>$sel:findingType:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_findingType</a> - The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
--   
--   <a>$sel:issueCode:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_issueCode</a> - The issue code provides an
--   identifier of the issue associated with this finding.
--   
--   <a>$sel:learnMoreLink:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_learnMoreLink</a> - A link to additional
--   documentation about the type of finding.
--   
--   <a>$sel:locations:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_locations</a> - The list of locations in the
--   policy document that are related to the finding. The issue code
--   provides a summary of an issue identified by the finding.
newValidatePolicyFinding :: Text -> ValidatePolicyFindingType -> Text -> Text -> ValidatePolicyFinding

-- | A localized message that explains the finding and provides guidance on
--   how to address it.
validatePolicyFinding_findingDetails :: Lens' ValidatePolicyFinding Text

-- | The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
validatePolicyFinding_findingType :: Lens' ValidatePolicyFinding ValidatePolicyFindingType

-- | The issue code provides an identifier of the issue associated with
--   this finding.
validatePolicyFinding_issueCode :: Lens' ValidatePolicyFinding Text

-- | A link to additional documentation about the type of finding.
validatePolicyFinding_learnMoreLink :: Lens' ValidatePolicyFinding Text

-- | The list of locations in the policy document that are related to the
--   finding. The issue code provides a summary of an issue identified by
--   the finding.
validatePolicyFinding_locations :: Lens' ValidatePolicyFinding [Location]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding.ValidatePolicyFinding
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding.ValidatePolicyFinding
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding.ValidatePolicyFinding
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding.ValidatePolicyFinding
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding.ValidatePolicyFinding
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding.ValidatePolicyFinding
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding.ValidatePolicyFinding


module Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType
newtype ValidatePolicyResourceType
ValidatePolicyResourceType' :: Text -> ValidatePolicyResourceType
[fromValidatePolicyResourceType] :: ValidatePolicyResourceType -> Text
pattern ValidatePolicyResourceType_AWS__IAM__AssumeRolePolicyDocument :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3ObjectLambda__AccessPoint :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__AccessPoint :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__Bucket :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__MultiRegionAccessPoint :: ValidatePolicyResourceType
instance Amazonka.Data.XML.ToXML Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Amazonka.Data.XML.FromXML Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Amazonka.Data.Headers.ToHeader Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Amazonka.Data.Log.ToLog Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Amazonka.Data.ByteString.ToByteString Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Amazonka.Data.Text.ToText Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Amazonka.Data.Text.FromText Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance GHC.Classes.Ord Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType.ValidatePolicyResourceType


module Amazonka.AccessAnalyzer.Types.VpcConfiguration

-- | The proposed virtual private cloud (VPC) configuration for the Amazon
--   S3 access point. VPC configuration does not apply to multi-region
--   access points. For more information, see <a>VpcConfiguration</a>.
--   
--   <i>See:</i> <a>newVpcConfiguration</a> smart constructor.
data VpcConfiguration
VpcConfiguration' :: Text -> VpcConfiguration

-- | If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
[$sel:vpcId:VpcConfiguration'] :: VpcConfiguration -> Text

-- | Create a value of <a>VpcConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:vpcId:VpcConfiguration'</a>, <a>vpcConfiguration_vpcId</a> -
--   If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
newVpcConfiguration :: Text -> VpcConfiguration

-- | If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
vpcConfiguration_vpcId :: Lens' VpcConfiguration Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.VpcConfiguration.VpcConfiguration


module Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration

-- | The proposed <tt>InternetConfiguration</tt> or
--   <tt>VpcConfiguration</tt> to apply to the Amazon S3 access point.
--   <tt>VpcConfiguration</tt> does not apply to multi-region access
--   points. You can make the access point accessible from the internet, or
--   you can specify that all requests made through that access point must
--   originate from a specific virtual private cloud (VPC). You can specify
--   only one type of network configuration. For more information, see
--   <a>Creating access points</a>.
--   
--   <i>See:</i> <a>newNetworkOriginConfiguration</a> smart constructor.
data NetworkOriginConfiguration
NetworkOriginConfiguration' :: Maybe InternetConfiguration -> Maybe VpcConfiguration -> NetworkOriginConfiguration

-- | The configuration for the Amazon S3 access point or multi-region
--   access point with an <tt>Internet</tt> origin.
[$sel:internetConfiguration:NetworkOriginConfiguration'] :: NetworkOriginConfiguration -> Maybe InternetConfiguration
[$sel:vpcConfiguration:NetworkOriginConfiguration'] :: NetworkOriginConfiguration -> Maybe VpcConfiguration

-- | Create a value of <a>NetworkOriginConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:internetConfiguration:NetworkOriginConfiguration'</a>,
--   <a>networkOriginConfiguration_internetConfiguration</a> - The
--   configuration for the Amazon S3 access point or multi-region access
--   point with an <tt>Internet</tt> origin.
--   
--   <a>$sel:vpcConfiguration:NetworkOriginConfiguration'</a>,
--   <a>networkOriginConfiguration_vpcConfiguration</a> - Undocumented
--   member.
newNetworkOriginConfiguration :: NetworkOriginConfiguration

-- | The configuration for the Amazon S3 access point or multi-region
--   access point with an <tt>Internet</tt> origin.
networkOriginConfiguration_internetConfiguration :: Lens' NetworkOriginConfiguration (Maybe InternetConfiguration)

-- | Undocumented member.
networkOriginConfiguration_vpcConfiguration :: Lens' NetworkOriginConfiguration (Maybe VpcConfiguration)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration.NetworkOriginConfiguration


module Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration

-- | The configuration for an Amazon S3 access point or multi-region access
--   point for the bucket. You can propose up to 10 access points or
--   multi-region access points per bucket. If the proposed Amazon S3
--   access point configuration is for an existing bucket, the access
--   preview uses the proposed access point configuration in place of the
--   existing access points. To propose an access point without a policy,
--   you can provide an empty string as the access point policy. For more
--   information, see <a>Creating access points</a>. For more information
--   about access point policy limits, see <a>Access points restrictions
--   and limitations</a>.
--   
--   <i>See:</i> <a>newS3AccessPointConfiguration</a> smart constructor.
data S3AccessPointConfiguration
S3AccessPointConfiguration' :: Maybe Text -> Maybe NetworkOriginConfiguration -> Maybe S3PublicAccessBlockConfiguration -> S3AccessPointConfiguration

-- | The access point or multi-region access point policy.
[$sel:accessPointPolicy:S3AccessPointConfiguration'] :: S3AccessPointConfiguration -> Maybe Text

-- | The proposed <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply
--   to this Amazon S3 access point. <tt>VpcConfiguration</tt> does not
--   apply to multi-region access points. If the access preview is for a
--   new resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
[$sel:networkOrigin:S3AccessPointConfiguration'] :: S3AccessPointConfiguration -> Maybe NetworkOriginConfiguration

-- | The proposed <tt>S3PublicAccessBlock</tt> configuration to apply to
--   this Amazon S3 access point or multi-region access point.
[$sel:publicAccessBlock:S3AccessPointConfiguration'] :: S3AccessPointConfiguration -> Maybe S3PublicAccessBlockConfiguration

-- | Create a value of <a>S3AccessPointConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPointPolicy:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_accessPointPolicy</a> - The access point
--   or multi-region access point policy.
--   
--   <a>$sel:networkOrigin:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_networkOrigin</a> - The proposed
--   <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply to this
--   Amazon S3 access point. <tt>VpcConfiguration</tt> does not apply to
--   multi-region access points. If the access preview is for a new
--   resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
--   
--   <a>$sel:publicAccessBlock:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_publicAccessBlock</a> - The proposed
--   <tt>S3PublicAccessBlock</tt> configuration to apply to this Amazon S3
--   access point or multi-region access point.
newS3AccessPointConfiguration :: S3AccessPointConfiguration

-- | The access point or multi-region access point policy.
s3AccessPointConfiguration_accessPointPolicy :: Lens' S3AccessPointConfiguration (Maybe Text)

-- | The proposed <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply
--   to this Amazon S3 access point. <tt>VpcConfiguration</tt> does not
--   apply to multi-region access points. If the access preview is for a
--   new resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
s3AccessPointConfiguration_networkOrigin :: Lens' S3AccessPointConfiguration (Maybe NetworkOriginConfiguration)

-- | The proposed <tt>S3PublicAccessBlock</tt> configuration to apply to
--   this Amazon S3 access point or multi-region access point.
s3AccessPointConfiguration_publicAccessBlock :: Lens' S3AccessPointConfiguration (Maybe S3PublicAccessBlockConfiguration)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration.S3AccessPointConfiguration


module Amazonka.AccessAnalyzer.Types.S3BucketConfiguration

-- | Proposed access control configuration for an Amazon S3 bucket. You can
--   propose a configuration for a new Amazon S3 bucket or an existing
--   Amazon S3 bucket that you own by specifying the Amazon S3 bucket
--   policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
--   multi-region access points attached to the bucket. If the
--   configuration is for an existing Amazon S3 bucket and you do not
--   specify the Amazon S3 bucket policy, the access preview uses the
--   existing policy attached to the bucket. If the access preview is for a
--   new resource and you do not specify the Amazon S3 bucket policy, the
--   access preview assumes a bucket without a policy. To propose deletion
--   of an existing bucket policy, you can specify an empty string. For
--   more information about bucket policy limits, see <a>Bucket Policy
--   Examples</a>.
--   
--   <i>See:</i> <a>newS3BucketConfiguration</a> smart constructor.
data S3BucketConfiguration
S3BucketConfiguration' :: Maybe (HashMap Text S3AccessPointConfiguration) -> Maybe [S3BucketAclGrantConfiguration] -> Maybe Text -> Maybe S3PublicAccessBlockConfiguration -> S3BucketConfiguration

-- | The configuration of Amazon S3 access points or multi-region access
--   points for the bucket. You can propose up to 10 new access points per
--   bucket.
[$sel:accessPoints:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe (HashMap Text S3AccessPointConfiguration)

-- | The proposed list of ACL grants for the Amazon S3 bucket. You can
--   propose up to 100 ACL grants per bucket. If the proposed grant
--   configuration is for an existing bucket, the access preview uses the
--   proposed list of grant configurations in place of the existing grants.
--   Otherwise, the access preview uses the existing grants for the bucket.
[$sel:bucketAclGrants:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe [S3BucketAclGrantConfiguration]

-- | The proposed bucket policy for the Amazon S3 bucket.
[$sel:bucketPolicy:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe Text

-- | The proposed block public access configuration for the Amazon S3
--   bucket.
[$sel:bucketPublicAccessBlock:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe S3PublicAccessBlockConfiguration

-- | Create a value of <a>S3BucketConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPoints:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_accessPoints</a> - The configuration of
--   Amazon S3 access points or multi-region access points for the bucket.
--   You can propose up to 10 new access points per bucket.
--   
--   <a>$sel:bucketAclGrants:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketAclGrants</a> - The proposed list of
--   ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL
--   grants per bucket. If the proposed grant configuration is for an
--   existing bucket, the access preview uses the proposed list of grant
--   configurations in place of the existing grants. Otherwise, the access
--   preview uses the existing grants for the bucket.
--   
--   <a>$sel:bucketPolicy:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketPolicy</a> - The proposed bucket policy
--   for the Amazon S3 bucket.
--   
--   <a>$sel:bucketPublicAccessBlock:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketPublicAccessBlock</a> - The proposed
--   block public access configuration for the Amazon S3 bucket.
newS3BucketConfiguration :: S3BucketConfiguration

-- | The configuration of Amazon S3 access points or multi-region access
--   points for the bucket. You can propose up to 10 new access points per
--   bucket.
s3BucketConfiguration_accessPoints :: Lens' S3BucketConfiguration (Maybe (HashMap Text S3AccessPointConfiguration))

-- | The proposed list of ACL grants for the Amazon S3 bucket. You can
--   propose up to 100 ACL grants per bucket. If the proposed grant
--   configuration is for an existing bucket, the access preview uses the
--   proposed list of grant configurations in place of the existing grants.
--   Otherwise, the access preview uses the existing grants for the bucket.
s3BucketConfiguration_bucketAclGrants :: Lens' S3BucketConfiguration (Maybe [S3BucketAclGrantConfiguration])

-- | The proposed bucket policy for the Amazon S3 bucket.
s3BucketConfiguration_bucketPolicy :: Lens' S3BucketConfiguration (Maybe Text)

-- | The proposed block public access configuration for the Amazon S3
--   bucket.
s3BucketConfiguration_bucketPublicAccessBlock :: Lens' S3BucketConfiguration (Maybe S3PublicAccessBlockConfiguration)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.S3BucketConfiguration.S3BucketConfiguration


module Amazonka.AccessAnalyzer.Types.Configuration

-- | Access control configuration structures for your resource. You specify
--   the configuration as a type-value pair. You can specify only one type
--   of access control configuration.
--   
--   <i>See:</i> <a>newConfiguration</a> smart constructor.
data Configuration
Configuration' :: Maybe EbsSnapshotConfiguration -> Maybe EcrRepositoryConfiguration -> Maybe EfsFileSystemConfiguration -> Maybe IamRoleConfiguration -> Maybe KmsKeyConfiguration -> Maybe RdsDbClusterSnapshotConfiguration -> Maybe RdsDbSnapshotConfiguration -> Maybe S3BucketConfiguration -> Maybe SecretsManagerSecretConfiguration -> Maybe SnsTopicConfiguration -> Maybe SqsQueueConfiguration -> Configuration

-- | The access control configuration is for an Amazon EBS volume snapshot.
[$sel:ebsSnapshot:Configuration'] :: Configuration -> Maybe EbsSnapshotConfiguration

-- | The access control configuration is for an Amazon ECR repository.
[$sel:ecrRepository:Configuration'] :: Configuration -> Maybe EcrRepositoryConfiguration

-- | The access control configuration is for an Amazon EFS file system.
[$sel:efsFileSystem:Configuration'] :: Configuration -> Maybe EfsFileSystemConfiguration

-- | The access control configuration is for an IAM role.
[$sel:iamRole:Configuration'] :: Configuration -> Maybe IamRoleConfiguration

-- | The access control configuration is for a KMS key.
[$sel:kmsKey:Configuration'] :: Configuration -> Maybe KmsKeyConfiguration

-- | The access control configuration is for an Amazon RDS DB cluster
--   snapshot.
[$sel:rdsDbClusterSnapshot:Configuration'] :: Configuration -> Maybe RdsDbClusterSnapshotConfiguration

-- | The access control configuration is for an Amazon RDS DB snapshot.
[$sel:rdsDbSnapshot:Configuration'] :: Configuration -> Maybe RdsDbSnapshotConfiguration

-- | The access control configuration is for an Amazon S3 Bucket.
[$sel:s3Bucket:Configuration'] :: Configuration -> Maybe S3BucketConfiguration

-- | The access control configuration is for a Secrets Manager secret.
[$sel:secretsManagerSecret:Configuration'] :: Configuration -> Maybe SecretsManagerSecretConfiguration

-- | The access control configuration is for an Amazon SNS topic
[$sel:snsTopic:Configuration'] :: Configuration -> Maybe SnsTopicConfiguration

-- | The access control configuration is for an Amazon SQS queue.
[$sel:sqsQueue:Configuration'] :: Configuration -> Maybe SqsQueueConfiguration

-- | Create a value of <a>Configuration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ebsSnapshot:Configuration'</a>,
--   <a>configuration_ebsSnapshot</a> - The access control configuration is
--   for an Amazon EBS volume snapshot.
--   
--   <a>$sel:ecrRepository:Configuration'</a>,
--   <a>configuration_ecrRepository</a> - The access control configuration
--   is for an Amazon ECR repository.
--   
--   <a>$sel:efsFileSystem:Configuration'</a>,
--   <a>configuration_efsFileSystem</a> - The access control configuration
--   is for an Amazon EFS file system.
--   
--   <a>$sel:iamRole:Configuration'</a>, <a>configuration_iamRole</a> - The
--   access control configuration is for an IAM role.
--   
--   <a>$sel:kmsKey:Configuration'</a>, <a>configuration_kmsKey</a> - The
--   access control configuration is for a KMS key.
--   
--   <a>$sel:rdsDbClusterSnapshot:Configuration'</a>,
--   <a>configuration_rdsDbClusterSnapshot</a> - The access control
--   configuration is for an Amazon RDS DB cluster snapshot.
--   
--   <a>$sel:rdsDbSnapshot:Configuration'</a>,
--   <a>configuration_rdsDbSnapshot</a> - The access control configuration
--   is for an Amazon RDS DB snapshot.
--   
--   <a>$sel:s3Bucket:Configuration'</a>, <a>configuration_s3Bucket</a> -
--   The access control configuration is for an Amazon S3 Bucket.
--   
--   <a>$sel:secretsManagerSecret:Configuration'</a>,
--   <a>configuration_secretsManagerSecret</a> - The access control
--   configuration is for a Secrets Manager secret.
--   
--   <a>$sel:snsTopic:Configuration'</a>, <a>configuration_snsTopic</a> -
--   The access control configuration is for an Amazon SNS topic
--   
--   <a>$sel:sqsQueue:Configuration'</a>, <a>configuration_sqsQueue</a> -
--   The access control configuration is for an Amazon SQS queue.
newConfiguration :: Configuration

-- | The access control configuration is for an Amazon EBS volume snapshot.
configuration_ebsSnapshot :: Lens' Configuration (Maybe EbsSnapshotConfiguration)

-- | The access control configuration is for an Amazon ECR repository.
configuration_ecrRepository :: Lens' Configuration (Maybe EcrRepositoryConfiguration)

-- | The access control configuration is for an Amazon EFS file system.
configuration_efsFileSystem :: Lens' Configuration (Maybe EfsFileSystemConfiguration)

-- | The access control configuration is for an IAM role.
configuration_iamRole :: Lens' Configuration (Maybe IamRoleConfiguration)

-- | The access control configuration is for a KMS key.
configuration_kmsKey :: Lens' Configuration (Maybe KmsKeyConfiguration)

-- | The access control configuration is for an Amazon RDS DB cluster
--   snapshot.
configuration_rdsDbClusterSnapshot :: Lens' Configuration (Maybe RdsDbClusterSnapshotConfiguration)

-- | The access control configuration is for an Amazon RDS DB snapshot.
configuration_rdsDbSnapshot :: Lens' Configuration (Maybe RdsDbSnapshotConfiguration)

-- | The access control configuration is for an Amazon S3 Bucket.
configuration_s3Bucket :: Lens' Configuration (Maybe S3BucketConfiguration)

-- | The access control configuration is for a Secrets Manager secret.
configuration_secretsManagerSecret :: Lens' Configuration (Maybe SecretsManagerSecretConfiguration)

-- | The access control configuration is for an Amazon SNS topic
configuration_snsTopic :: Lens' Configuration (Maybe SnsTopicConfiguration)

-- | The access control configuration is for an Amazon SQS queue.
configuration_sqsQueue :: Lens' Configuration (Maybe SqsQueueConfiguration)
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.Configuration.Configuration
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.Configuration.Configuration
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.Configuration.Configuration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.Configuration.Configuration
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.Configuration.Configuration
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.Configuration.Configuration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.Configuration.Configuration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.Types.Configuration.Configuration


module Amazonka.AccessAnalyzer.Types.AccessPreview

-- | Contains information about an access preview.
--   
--   <i>See:</i> <a>newAccessPreview</a> smart constructor.
data AccessPreview
AccessPreview' :: Maybe AccessPreviewStatusReason -> Text -> Text -> HashMap Text Configuration -> ISO8601 -> AccessPreviewStatus -> AccessPreview

-- | Provides more details about the current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
[$sel:statusReason:AccessPreview'] :: AccessPreview -> Maybe AccessPreviewStatusReason

-- | The unique ID for the access preview.
[$sel:id:AccessPreview'] :: AccessPreview -> Text

-- | The ARN of the analyzer used to generate the access preview.
[$sel:analyzerArn:AccessPreview'] :: AccessPreview -> Text

-- | A map of resource ARNs for the proposed resource configuration.
[$sel:configurations:AccessPreview'] :: AccessPreview -> HashMap Text Configuration

-- | The time at which the access preview was created.
[$sel:createdAt:AccessPreview'] :: AccessPreview -> ISO8601

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
[$sel:status:AccessPreview'] :: AccessPreview -> AccessPreviewStatus

-- | Create a value of <a>AccessPreview</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:statusReason:AccessPreview'</a>,
--   <a>accessPreview_statusReason</a> - Provides more details about the
--   current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
--   
--   <a>$sel:id:AccessPreview'</a>, <a>accessPreview_id</a> - The unique ID
--   for the access preview.
--   
--   <a>$sel:analyzerArn:AccessPreview'</a>,
--   <a>accessPreview_analyzerArn</a> - The ARN of the analyzer used to
--   generate the access preview.
--   
--   <a>$sel:configurations:AccessPreview'</a>,
--   <a>accessPreview_configurations</a> - A map of resource ARNs for the
--   proposed resource configuration.
--   
--   <a>$sel:createdAt:AccessPreview'</a>, <a>accessPreview_createdAt</a> -
--   The time at which the access preview was created.
--   
--   <a>$sel:status:AccessPreview'</a>, <a>accessPreview_status</a> - The
--   status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
newAccessPreview :: Text -> Text -> UTCTime -> AccessPreviewStatus -> AccessPreview

-- | Provides more details about the current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
accessPreview_statusReason :: Lens' AccessPreview (Maybe AccessPreviewStatusReason)

-- | The unique ID for the access preview.
accessPreview_id :: Lens' AccessPreview Text

-- | The ARN of the analyzer used to generate the access preview.
accessPreview_analyzerArn :: Lens' AccessPreview Text

-- | A map of resource ARNs for the proposed resource configuration.
accessPreview_configurations :: Lens' AccessPreview (HashMap Text Configuration)

-- | The time at which the access preview was created.
accessPreview_createdAt :: Lens' AccessPreview UTCTime

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
accessPreview_status :: Lens' AccessPreview AccessPreviewStatus
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.Types.AccessPreview.AccessPreview
instance GHC.Show.Show Amazonka.AccessAnalyzer.Types.AccessPreview.AccessPreview
instance GHC.Read.Read Amazonka.AccessAnalyzer.Types.AccessPreview.AccessPreview
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.Types.AccessPreview.AccessPreview
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.AccessAnalyzer.Types.AccessPreview.AccessPreview
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.Types.AccessPreview.AccessPreview
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.Types.AccessPreview.AccessPreview


module Amazonka.AccessAnalyzer.Types

-- | API version <tt>2019-11-01</tt> of the Amazon Access Analyzer SDK
--   configuration.
defaultService :: Service

-- | You do not have sufficient access to perform this action.
_AccessDeniedException :: AsError a => Fold a ServiceError

-- | A conflict exception error.
_ConflictException :: AsError a => Fold a ServiceError

-- | Internal server error.
_InternalServerException :: AsError a => Fold a ServiceError

-- | The specified resource could not be found.
_ResourceNotFoundException :: AsError a => Fold a ServiceError

-- | Service quote met error.
_ServiceQuotaExceededException :: AsError a => Fold a ServiceError

-- | Throttling limit exceeded error.
_ThrottlingException :: AsError a => Fold a ServiceError

-- | Validation exception error.
_ValidationException :: AsError a => Fold a ServiceError
newtype AccessPreviewStatus
AccessPreviewStatus' :: Text -> AccessPreviewStatus
[fromAccessPreviewStatus] :: AccessPreviewStatus -> Text
pattern AccessPreviewStatus_COMPLETED :: AccessPreviewStatus
pattern AccessPreviewStatus_CREATING :: AccessPreviewStatus
pattern AccessPreviewStatus_FAILED :: AccessPreviewStatus
newtype AccessPreviewStatusReasonCode
AccessPreviewStatusReasonCode' :: Text -> AccessPreviewStatusReasonCode
[fromAccessPreviewStatusReasonCode] :: AccessPreviewStatusReasonCode -> Text
pattern AccessPreviewStatusReasonCode_INTERNAL_ERROR :: AccessPreviewStatusReasonCode
pattern AccessPreviewStatusReasonCode_INVALID_CONFIGURATION :: AccessPreviewStatusReasonCode
newtype AclPermission
AclPermission' :: Text -> AclPermission
[fromAclPermission] :: AclPermission -> Text
pattern AclPermission_FULL_CONTROL :: AclPermission
pattern AclPermission_READ :: AclPermission
pattern AclPermission_READ_ACP :: AclPermission
pattern AclPermission_WRITE :: AclPermission
pattern AclPermission_WRITE_ACP :: AclPermission
newtype AnalyzerStatus
AnalyzerStatus' :: Text -> AnalyzerStatus
[fromAnalyzerStatus] :: AnalyzerStatus -> Text
pattern AnalyzerStatus_ACTIVE :: AnalyzerStatus
pattern AnalyzerStatus_CREATING :: AnalyzerStatus
pattern AnalyzerStatus_DISABLED :: AnalyzerStatus
pattern AnalyzerStatus_FAILED :: AnalyzerStatus
newtype FindingChangeType
FindingChangeType' :: Text -> FindingChangeType
[fromFindingChangeType] :: FindingChangeType -> Text
pattern FindingChangeType_CHANGED :: FindingChangeType
pattern FindingChangeType_NEW :: FindingChangeType
pattern FindingChangeType_UNCHANGED :: FindingChangeType
newtype FindingSourceType
FindingSourceType' :: Text -> FindingSourceType
[fromFindingSourceType] :: FindingSourceType -> Text
pattern FindingSourceType_BUCKET_ACL :: FindingSourceType
pattern FindingSourceType_POLICY :: FindingSourceType
pattern FindingSourceType_S3_ACCESS_POINT :: FindingSourceType
pattern FindingSourceType_S3_ACCESS_POINT_ACCOUNT :: FindingSourceType
newtype FindingStatus
FindingStatus' :: Text -> FindingStatus
[fromFindingStatus] :: FindingStatus -> Text
pattern FindingStatus_ACTIVE :: FindingStatus
pattern FindingStatus_ARCHIVED :: FindingStatus
pattern FindingStatus_RESOLVED :: FindingStatus
newtype FindingStatusUpdate
FindingStatusUpdate' :: Text -> FindingStatusUpdate
[fromFindingStatusUpdate] :: FindingStatusUpdate -> Text
pattern FindingStatusUpdate_ACTIVE :: FindingStatusUpdate
pattern FindingStatusUpdate_ARCHIVED :: FindingStatusUpdate
newtype JobErrorCode
JobErrorCode' :: Text -> JobErrorCode
[fromJobErrorCode] :: JobErrorCode -> Text
pattern JobErrorCode_AUTHORIZATION_ERROR :: JobErrorCode
pattern JobErrorCode_RESOURCE_NOT_FOUND_ERROR :: JobErrorCode
pattern JobErrorCode_SERVICE_ERROR :: JobErrorCode
pattern JobErrorCode_SERVICE_QUOTA_EXCEEDED_ERROR :: JobErrorCode
newtype JobStatus
JobStatus' :: Text -> JobStatus
[fromJobStatus] :: JobStatus -> Text
pattern JobStatus_CANCELED :: JobStatus
pattern JobStatus_FAILED :: JobStatus
pattern JobStatus_IN_PROGRESS :: JobStatus
pattern JobStatus_SUCCEEDED :: JobStatus
newtype KmsGrantOperation
KmsGrantOperation' :: Text -> KmsGrantOperation
[fromKmsGrantOperation] :: KmsGrantOperation -> Text
pattern KmsGrantOperation_CreateGrant :: KmsGrantOperation
pattern KmsGrantOperation_Decrypt :: KmsGrantOperation
pattern KmsGrantOperation_DescribeKey :: KmsGrantOperation
pattern KmsGrantOperation_Encrypt :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKey :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyPair :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyPairWithoutPlaintext :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyWithoutPlaintext :: KmsGrantOperation
pattern KmsGrantOperation_GetPublicKey :: KmsGrantOperation
pattern KmsGrantOperation_ReEncryptFrom :: KmsGrantOperation
pattern KmsGrantOperation_ReEncryptTo :: KmsGrantOperation
pattern KmsGrantOperation_RetireGrant :: KmsGrantOperation
pattern KmsGrantOperation_Sign :: KmsGrantOperation
pattern KmsGrantOperation_Verify :: KmsGrantOperation
newtype Locale
Locale' :: Text -> Locale
[fromLocale] :: Locale -> Text
pattern Locale_DE :: Locale
pattern Locale_EN :: Locale
pattern Locale_ES :: Locale
pattern Locale_FR :: Locale
pattern Locale_IT :: Locale
pattern Locale_JA :: Locale
pattern Locale_KO :: Locale
pattern Locale_PT_BR :: Locale
pattern Locale_ZH_CN :: Locale
pattern Locale_ZH_TW :: Locale
newtype OrderBy
OrderBy' :: Text -> OrderBy
[fromOrderBy] :: OrderBy -> Text
pattern OrderBy_ASC :: OrderBy
pattern OrderBy_DESC :: OrderBy
newtype PolicyType
PolicyType' :: Text -> PolicyType
[fromPolicyType] :: PolicyType -> Text
pattern PolicyType_IDENTITY_POLICY :: PolicyType
pattern PolicyType_RESOURCE_POLICY :: PolicyType
pattern PolicyType_SERVICE_CONTROL_POLICY :: PolicyType
newtype ReasonCode
ReasonCode' :: Text -> ReasonCode
[fromReasonCode] :: ReasonCode -> Text
pattern ReasonCode_AWS_SERVICE_ACCESS_DISABLED :: ReasonCode
pattern ReasonCode_DELEGATED_ADMINISTRATOR_DEREGISTERED :: ReasonCode
pattern ReasonCode_ORGANIZATION_DELETED :: ReasonCode
pattern ReasonCode_SERVICE_LINKED_ROLE_CREATION_FAILED :: ReasonCode
newtype ResourceType
ResourceType' :: Text -> ResourceType
[fromResourceType] :: ResourceType -> Text
pattern ResourceType_AWS__EC2__Snapshot :: ResourceType
pattern ResourceType_AWS__ECR__Repository :: ResourceType
pattern ResourceType_AWS__EFS__FileSystem :: ResourceType
pattern ResourceType_AWS__IAM__Role :: ResourceType
pattern ResourceType_AWS__KMS__Key :: ResourceType
pattern ResourceType_AWS__Lambda__Function :: ResourceType
pattern ResourceType_AWS__Lambda__LayerVersion :: ResourceType
pattern ResourceType_AWS__RDS__DBClusterSnapshot :: ResourceType
pattern ResourceType_AWS__RDS__DBSnapshot :: ResourceType
pattern ResourceType_AWS__S3__Bucket :: ResourceType
pattern ResourceType_AWS__SNS__Topic :: ResourceType
pattern ResourceType_AWS__SQS__Queue :: ResourceType
pattern ResourceType_AWS__SecretsManager__Secret :: ResourceType
newtype Type
Type' :: Text -> Type
[fromType] :: Type -> Text
pattern Type_ACCOUNT :: Type
pattern Type_ORGANIZATION :: Type
newtype ValidatePolicyFindingType
ValidatePolicyFindingType' :: Text -> ValidatePolicyFindingType
[fromValidatePolicyFindingType] :: ValidatePolicyFindingType -> Text
pattern ValidatePolicyFindingType_ERROR :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_SECURITY_WARNING :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_SUGGESTION :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_WARNING :: ValidatePolicyFindingType
newtype ValidatePolicyResourceType
ValidatePolicyResourceType' :: Text -> ValidatePolicyResourceType
[fromValidatePolicyResourceType] :: ValidatePolicyResourceType -> Text
pattern ValidatePolicyResourceType_AWS__IAM__AssumeRolePolicyDocument :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3ObjectLambda__AccessPoint :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__AccessPoint :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__Bucket :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__MultiRegionAccessPoint :: ValidatePolicyResourceType

-- | Contains information about an access preview.
--   
--   <i>See:</i> <a>newAccessPreview</a> smart constructor.
data AccessPreview
AccessPreview' :: Maybe AccessPreviewStatusReason -> Text -> Text -> HashMap Text Configuration -> ISO8601 -> AccessPreviewStatus -> AccessPreview

-- | Provides more details about the current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
[$sel:statusReason:AccessPreview'] :: AccessPreview -> Maybe AccessPreviewStatusReason

-- | The unique ID for the access preview.
[$sel:id:AccessPreview'] :: AccessPreview -> Text

-- | The ARN of the analyzer used to generate the access preview.
[$sel:analyzerArn:AccessPreview'] :: AccessPreview -> Text

-- | A map of resource ARNs for the proposed resource configuration.
[$sel:configurations:AccessPreview'] :: AccessPreview -> HashMap Text Configuration

-- | The time at which the access preview was created.
[$sel:createdAt:AccessPreview'] :: AccessPreview -> ISO8601

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
[$sel:status:AccessPreview'] :: AccessPreview -> AccessPreviewStatus

-- | Create a value of <a>AccessPreview</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:statusReason:AccessPreview'</a>,
--   <a>accessPreview_statusReason</a> - Provides more details about the
--   current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
--   
--   <a>$sel:id:AccessPreview'</a>, <a>accessPreview_id</a> - The unique ID
--   for the access preview.
--   
--   <a>$sel:analyzerArn:AccessPreview'</a>,
--   <a>accessPreview_analyzerArn</a> - The ARN of the analyzer used to
--   generate the access preview.
--   
--   <a>$sel:configurations:AccessPreview'</a>,
--   <a>accessPreview_configurations</a> - A map of resource ARNs for the
--   proposed resource configuration.
--   
--   <a>$sel:createdAt:AccessPreview'</a>, <a>accessPreview_createdAt</a> -
--   The time at which the access preview was created.
--   
--   <a>$sel:status:AccessPreview'</a>, <a>accessPreview_status</a> - The
--   status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
newAccessPreview :: Text -> Text -> UTCTime -> AccessPreviewStatus -> AccessPreview

-- | Provides more details about the current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
accessPreview_statusReason :: Lens' AccessPreview (Maybe AccessPreviewStatusReason)

-- | The unique ID for the access preview.
accessPreview_id :: Lens' AccessPreview Text

-- | The ARN of the analyzer used to generate the access preview.
accessPreview_analyzerArn :: Lens' AccessPreview Text

-- | A map of resource ARNs for the proposed resource configuration.
accessPreview_configurations :: Lens' AccessPreview (HashMap Text Configuration)

-- | The time at which the access preview was created.
accessPreview_createdAt :: Lens' AccessPreview UTCTime

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
accessPreview_status :: Lens' AccessPreview AccessPreviewStatus

-- | An access preview finding generated by the access preview.
--   
--   <i>See:</i> <a>newAccessPreviewFinding</a> smart constructor.
data AccessPreviewFinding
AccessPreviewFinding' :: Maybe [Text] -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe Text -> Maybe FindingStatus -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> ISO8601 -> FindingChangeType -> FindingStatus -> Text -> AccessPreviewFinding

-- | The action in the analyzed policy statement that an external principal
--   has permission to perform.
[$sel:action:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe [Text]

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
[$sel:condition:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe (HashMap Text Text)

-- | An error.
[$sel:error:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Text

-- | The existing ID of the finding in IAM Access Analyzer, provided only
--   for existing findings.
[$sel:existingFindingId:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Text

-- | The existing status of the finding, provided only for existing
--   findings.
[$sel:existingFindingStatus:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe FindingStatus

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
[$sel:isPublic:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Bool

-- | The external principal that has access to a resource within the zone
--   of trust.
[$sel:principal:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe (HashMap Text Text)

-- | The resource that an external principal has access to. This is the
--   resource associated with the access preview.
[$sel:resource:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe Text

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
[$sel:sources:AccessPreviewFinding'] :: AccessPreviewFinding -> Maybe [FindingSource]

-- | The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
[$sel:id:AccessPreviewFinding'] :: AccessPreviewFinding -> Text

-- | The type of the resource that can be accessed in the finding.
[$sel:resourceType:AccessPreviewFinding'] :: AccessPreviewFinding -> ResourceType

-- | The time at which the access preview finding was created.
[$sel:createdAt:AccessPreviewFinding'] :: AccessPreviewFinding -> ISO8601

-- | Provides context on how the access preview finding compares to
--   existing access identified in IAM Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
[$sel:changeType:AccessPreviewFinding'] :: AccessPreviewFinding -> FindingChangeType

-- | The preview status of the finding. This is what the status of the
--   finding would be after permissions deployment. For example, a
--   <tt>Changed</tt> finding with preview status <tt>Resolved</tt> and
--   existing status <tt>Active</tt> indicates the existing <tt>Active</tt>
--   finding would become <tt>Resolved</tt> as a result of the proposed
--   permissions change.
[$sel:status:AccessPreviewFinding'] :: AccessPreviewFinding -> FindingStatus

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
[$sel:resourceOwnerAccount:AccessPreviewFinding'] :: AccessPreviewFinding -> Text

-- | Create a value of <a>AccessPreviewFinding</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_action</a> - The action in the analyzed policy
--   statement that an external principal has permission to perform.
--   
--   <a>$sel:condition:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_condition</a> - The condition in the analyzed
--   policy statement that resulted in a finding.
--   
--   <a>$sel:error:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_error</a> - An error.
--   
--   <a>$sel:existingFindingId:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_existingFindingId</a> - The existing ID of the
--   finding in IAM Access Analyzer, provided only for existing findings.
--   
--   <a>$sel:existingFindingStatus:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_existingFindingStatus</a> - The existing
--   status of the finding, provided only for existing findings.
--   
--   <a>$sel:isPublic:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_isPublic</a> - Indicates whether the policy
--   that generated the finding allows public access to the resource.
--   
--   <a>$sel:principal:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_principal</a> - The external principal that
--   has access to a resource within the zone of trust.
--   
--   <a>$sel:resource:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resource</a> - The resource that an external
--   principal has access to. This is the resource associated with the
--   access preview.
--   
--   <a>$sel:sources:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_sources</a> - The sources of the finding. This
--   indicates how the access that generated the finding is granted. It is
--   populated for Amazon S3 bucket findings.
--   
--   <a>$sel:id:AccessPreviewFinding'</a>, <a>accessPreviewFinding_id</a> -
--   The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
--   
--   <a>$sel:resourceType:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resourceType</a> - The type of the resource
--   that can be accessed in the finding.
--   
--   <a>$sel:createdAt:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_createdAt</a> - The time at which the access
--   preview finding was created.
--   
--   <a>$sel:changeType:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_changeType</a> - Provides context on how the
--   access preview finding compares to existing access identified in IAM
--   Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
--   
--   <a>$sel:status:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_status</a> - The preview status of the
--   finding. This is what the status of the finding would be after
--   permissions deployment. For example, a <tt>Changed</tt> finding with
--   preview status <tt>Resolved</tt> and existing status <tt>Active</tt>
--   indicates the existing <tt>Active</tt> finding would become
--   <tt>Resolved</tt> as a result of the proposed permissions change.
--   
--   <a>$sel:resourceOwnerAccount:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource. For most Amazon Web
--   Services resources, the owning account is the account in which the
--   resource was created.
newAccessPreviewFinding :: Text -> ResourceType -> UTCTime -> FindingChangeType -> FindingStatus -> Text -> AccessPreviewFinding

-- | The action in the analyzed policy statement that an external principal
--   has permission to perform.
accessPreviewFinding_action :: Lens' AccessPreviewFinding (Maybe [Text])

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
accessPreviewFinding_condition :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))

-- | An error.
accessPreviewFinding_error :: Lens' AccessPreviewFinding (Maybe Text)

-- | The existing ID of the finding in IAM Access Analyzer, provided only
--   for existing findings.
accessPreviewFinding_existingFindingId :: Lens' AccessPreviewFinding (Maybe Text)

-- | The existing status of the finding, provided only for existing
--   findings.
accessPreviewFinding_existingFindingStatus :: Lens' AccessPreviewFinding (Maybe FindingStatus)

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
accessPreviewFinding_isPublic :: Lens' AccessPreviewFinding (Maybe Bool)

-- | The external principal that has access to a resource within the zone
--   of trust.
accessPreviewFinding_principal :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))

-- | The resource that an external principal has access to. This is the
--   resource associated with the access preview.
accessPreviewFinding_resource :: Lens' AccessPreviewFinding (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
accessPreviewFinding_sources :: Lens' AccessPreviewFinding (Maybe [FindingSource])

-- | The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
accessPreviewFinding_id :: Lens' AccessPreviewFinding Text

-- | The type of the resource that can be accessed in the finding.
accessPreviewFinding_resourceType :: Lens' AccessPreviewFinding ResourceType

-- | The time at which the access preview finding was created.
accessPreviewFinding_createdAt :: Lens' AccessPreviewFinding UTCTime

-- | Provides context on how the access preview finding compares to
--   existing access identified in IAM Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
accessPreviewFinding_changeType :: Lens' AccessPreviewFinding FindingChangeType

-- | The preview status of the finding. This is what the status of the
--   finding would be after permissions deployment. For example, a
--   <tt>Changed</tt> finding with preview status <tt>Resolved</tt> and
--   existing status <tt>Active</tt> indicates the existing <tt>Active</tt>
--   finding would become <tt>Resolved</tt> as a result of the proposed
--   permissions change.
accessPreviewFinding_status :: Lens' AccessPreviewFinding FindingStatus

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
accessPreviewFinding_resourceOwnerAccount :: Lens' AccessPreviewFinding Text

-- | Provides more details about the current status of the access preview.
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid proposed
--   resource configuration.
--   
--   <i>See:</i> <a>newAccessPreviewStatusReason</a> smart constructor.
data AccessPreviewStatusReason
AccessPreviewStatusReason' :: AccessPreviewStatusReasonCode -> AccessPreviewStatusReason

-- | The reason code for the current status of the access preview.
[$sel:code:AccessPreviewStatusReason'] :: AccessPreviewStatusReason -> AccessPreviewStatusReasonCode

-- | Create a value of <a>AccessPreviewStatusReason</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:AccessPreviewStatusReason'</a>,
--   <a>accessPreviewStatusReason_code</a> - The reason code for the
--   current status of the access preview.
newAccessPreviewStatusReason :: AccessPreviewStatusReasonCode -> AccessPreviewStatusReason

-- | The reason code for the current status of the access preview.
accessPreviewStatusReason_code :: Lens' AccessPreviewStatusReason AccessPreviewStatusReasonCode

-- | Contains a summary of information about an access preview.
--   
--   <i>See:</i> <a>newAccessPreviewSummary</a> smart constructor.
data AccessPreviewSummary
AccessPreviewSummary' :: Maybe AccessPreviewStatusReason -> Text -> Text -> ISO8601 -> AccessPreviewStatus -> AccessPreviewSummary
[$sel:statusReason:AccessPreviewSummary'] :: AccessPreviewSummary -> Maybe AccessPreviewStatusReason

-- | The unique ID for the access preview.
[$sel:id:AccessPreviewSummary'] :: AccessPreviewSummary -> Text

-- | The ARN of the analyzer used to generate the access preview.
[$sel:analyzerArn:AccessPreviewSummary'] :: AccessPreviewSummary -> Text

-- | The time at which the access preview was created.
[$sel:createdAt:AccessPreviewSummary'] :: AccessPreviewSummary -> ISO8601

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
[$sel:status:AccessPreviewSummary'] :: AccessPreviewSummary -> AccessPreviewStatus

-- | Create a value of <a>AccessPreviewSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:statusReason:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_statusReason</a> - Undocumented member.
--   
--   <a>$sel:id:AccessPreviewSummary'</a>, <a>accessPreviewSummary_id</a> -
--   The unique ID for the access preview.
--   
--   <a>$sel:analyzerArn:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_analyzerArn</a> - The ARN of the analyzer used
--   to generate the access preview.
--   
--   <a>$sel:createdAt:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_createdAt</a> - The time at which the access
--   preview was created.
--   
--   <a>$sel:status:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_status</a> - The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
newAccessPreviewSummary :: Text -> Text -> UTCTime -> AccessPreviewStatus -> AccessPreviewSummary

-- | Undocumented member.
accessPreviewSummary_statusReason :: Lens' AccessPreviewSummary (Maybe AccessPreviewStatusReason)

-- | The unique ID for the access preview.
accessPreviewSummary_id :: Lens' AccessPreviewSummary Text

-- | The ARN of the analyzer used to generate the access preview.
accessPreviewSummary_analyzerArn :: Lens' AccessPreviewSummary Text

-- | The time at which the access preview was created.
accessPreviewSummary_createdAt :: Lens' AccessPreviewSummary UTCTime

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
accessPreviewSummary_status :: Lens' AccessPreviewSummary AccessPreviewStatus

-- | You specify each grantee as a type-value pair using one of these
--   types. You can specify only one type of grantee. For more information,
--   see <a>PutBucketAcl</a>.
--   
--   <i>See:</i> <a>newAclGrantee</a> smart constructor.
data AclGrantee
AclGrantee' :: Maybe Text -> Maybe Text -> AclGrantee

-- | The value specified is the canonical user ID of an Amazon Web Services
--   account.
[$sel:id:AclGrantee'] :: AclGrantee -> Maybe Text

-- | Used for granting permissions to a predefined group.
[$sel:uri:AclGrantee'] :: AclGrantee -> Maybe Text

-- | Create a value of <a>AclGrantee</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:id:AclGrantee'</a>, <a>aclGrantee_id</a> - The value specified
--   is the canonical user ID of an Amazon Web Services account.
--   
--   <a>$sel:uri:AclGrantee'</a>, <a>aclGrantee_uri</a> - Used for granting
--   permissions to a predefined group.
newAclGrantee :: AclGrantee

-- | The value specified is the canonical user ID of an Amazon Web Services
--   account.
aclGrantee_id :: Lens' AclGrantee (Maybe Text)

-- | Used for granting permissions to a predefined group.
aclGrantee_uri :: Lens' AclGrantee (Maybe Text)

-- | Contains details about the analyzed resource.
--   
--   <i>See:</i> <a>newAnalyzedResource</a> smart constructor.
data AnalyzedResource
AnalyzedResource' :: Maybe [Text] -> Maybe Text -> Maybe [Text] -> Maybe FindingStatus -> Text -> ResourceType -> ISO8601 -> ISO8601 -> ISO8601 -> Bool -> Text -> AnalyzedResource

-- | The actions that an external principal is granted permission to use by
--   the policy that generated the finding.
[$sel:actions:AnalyzedResource'] :: AnalyzedResource -> Maybe [Text]

-- | An error message.
[$sel:error:AnalyzedResource'] :: AnalyzedResource -> Maybe Text

-- | Indicates how the access that generated the finding is granted. This
--   is populated for Amazon S3 bucket findings.
[$sel:sharedVia:AnalyzedResource'] :: AnalyzedResource -> Maybe [Text]

-- | The current status of the finding generated from the analyzed
--   resource.
[$sel:status:AnalyzedResource'] :: AnalyzedResource -> Maybe FindingStatus

-- | The ARN of the resource that was analyzed.
[$sel:resourceArn:AnalyzedResource'] :: AnalyzedResource -> Text

-- | The type of the resource that was analyzed.
[$sel:resourceType:AnalyzedResource'] :: AnalyzedResource -> ResourceType

-- | The time at which the finding was created.
[$sel:createdAt:AnalyzedResource'] :: AnalyzedResource -> ISO8601

-- | The time at which the resource was analyzed.
[$sel:analyzedAt:AnalyzedResource'] :: AnalyzedResource -> ISO8601

-- | The time at which the finding was updated.
[$sel:updatedAt:AnalyzedResource'] :: AnalyzedResource -> ISO8601

-- | Indicates whether the policy that generated the finding grants public
--   access to the resource.
[$sel:isPublic:AnalyzedResource'] :: AnalyzedResource -> Bool

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:AnalyzedResource'] :: AnalyzedResource -> Text

-- | Create a value of <a>AnalyzedResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:actions:AnalyzedResource'</a>, <a>analyzedResource_actions</a>
--   - The actions that an external principal is granted permission to use
--   by the policy that generated the finding.
--   
--   <a>$sel:error:AnalyzedResource'</a>, <a>analyzedResource_error</a> -
--   An error message.
--   
--   <a>$sel:sharedVia:AnalyzedResource'</a>,
--   <a>analyzedResource_sharedVia</a> - Indicates how the access that
--   generated the finding is granted. This is populated for Amazon S3
--   bucket findings.
--   
--   <a>$sel:status:AnalyzedResource'</a>, <a>analyzedResource_status</a> -
--   The current status of the finding generated from the analyzed
--   resource.
--   
--   <a>$sel:resourceArn:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceArn</a> - The ARN of the resource that was
--   analyzed.
--   
--   <a>$sel:resourceType:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceType</a> - The type of the resource that
--   was analyzed.
--   
--   <a>$sel:createdAt:AnalyzedResource'</a>,
--   <a>analyzedResource_createdAt</a> - The time at which the finding was
--   created.
--   
--   <a>$sel:analyzedAt:AnalyzedResource'</a>,
--   <a>analyzedResource_analyzedAt</a> - The time at which the resource
--   was analyzed.
--   
--   <a>$sel:updatedAt:AnalyzedResource'</a>,
--   <a>analyzedResource_updatedAt</a> - The time at which the finding was
--   updated.
--   
--   <a>$sel:isPublic:AnalyzedResource'</a>,
--   <a>analyzedResource_isPublic</a> - Indicates whether the policy that
--   generated the finding grants public access to the resource.
--   
--   <a>$sel:resourceOwnerAccount:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceOwnerAccount</a> - The Amazon Web Services
--   account ID that owns the resource.
newAnalyzedResource :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> Bool -> Text -> AnalyzedResource

-- | The actions that an external principal is granted permission to use by
--   the policy that generated the finding.
analyzedResource_actions :: Lens' AnalyzedResource (Maybe [Text])

-- | An error message.
analyzedResource_error :: Lens' AnalyzedResource (Maybe Text)

-- | Indicates how the access that generated the finding is granted. This
--   is populated for Amazon S3 bucket findings.
analyzedResource_sharedVia :: Lens' AnalyzedResource (Maybe [Text])

-- | The current status of the finding generated from the analyzed
--   resource.
analyzedResource_status :: Lens' AnalyzedResource (Maybe FindingStatus)

-- | The ARN of the resource that was analyzed.
analyzedResource_resourceArn :: Lens' AnalyzedResource Text

-- | The type of the resource that was analyzed.
analyzedResource_resourceType :: Lens' AnalyzedResource ResourceType

-- | The time at which the finding was created.
analyzedResource_createdAt :: Lens' AnalyzedResource UTCTime

-- | The time at which the resource was analyzed.
analyzedResource_analyzedAt :: Lens' AnalyzedResource UTCTime

-- | The time at which the finding was updated.
analyzedResource_updatedAt :: Lens' AnalyzedResource UTCTime

-- | Indicates whether the policy that generated the finding grants public
--   access to the resource.
analyzedResource_isPublic :: Lens' AnalyzedResource Bool

-- | The Amazon Web Services account ID that owns the resource.
analyzedResource_resourceOwnerAccount :: Lens' AnalyzedResource Text

-- | Contains the ARN of the analyzed resource.
--   
--   <i>See:</i> <a>newAnalyzedResourceSummary</a> smart constructor.
data AnalyzedResourceSummary
AnalyzedResourceSummary' :: Text -> Text -> ResourceType -> AnalyzedResourceSummary

-- | The ARN of the analyzed resource.
[$sel:resourceArn:AnalyzedResourceSummary'] :: AnalyzedResourceSummary -> Text

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:AnalyzedResourceSummary'] :: AnalyzedResourceSummary -> Text

-- | The type of resource that was analyzed.
[$sel:resourceType:AnalyzedResourceSummary'] :: AnalyzedResourceSummary -> ResourceType

-- | Create a value of <a>AnalyzedResourceSummary</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:resourceArn:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceArn</a> - The ARN of the analyzed
--   resource.
--   
--   <a>$sel:resourceOwnerAccount:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource.
--   
--   <a>$sel:resourceType:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceType</a> - The type of resource
--   that was analyzed.
newAnalyzedResourceSummary :: Text -> Text -> ResourceType -> AnalyzedResourceSummary

-- | The ARN of the analyzed resource.
analyzedResourceSummary_resourceArn :: Lens' AnalyzedResourceSummary Text

-- | The Amazon Web Services account ID that owns the resource.
analyzedResourceSummary_resourceOwnerAccount :: Lens' AnalyzedResourceSummary Text

-- | The type of resource that was analyzed.
analyzedResourceSummary_resourceType :: Lens' AnalyzedResourceSummary ResourceType

-- | Contains information about the analyzer.
--   
--   <i>See:</i> <a>newAnalyzerSummary</a> smart constructor.
data AnalyzerSummary
AnalyzerSummary' :: Maybe Text -> Maybe ISO8601 -> Maybe StatusReason -> Maybe (HashMap Text Text) -> Text -> Text -> Type -> ISO8601 -> AnalyzerStatus -> AnalyzerSummary

-- | The resource that was most recently analyzed by the analyzer.
[$sel:lastResourceAnalyzed:AnalyzerSummary'] :: AnalyzerSummary -> Maybe Text

-- | The time at which the most recently analyzed resource was analyzed.
[$sel:lastResourceAnalyzedAt:AnalyzerSummary'] :: AnalyzerSummary -> Maybe ISO8601

-- | The <tt>statusReason</tt> provides more details about the current
--   status of the analyzer. For example, if the creation for the analyzer
--   fails, a <tt>Failed</tt> status is returned. For an analyzer with
--   organization as the type, this failure can be due to an issue with
--   creating the service-linked roles required in the member accounts of
--   the Amazon Web Services organization.
[$sel:statusReason:AnalyzerSummary'] :: AnalyzerSummary -> Maybe StatusReason

-- | The tags added to the analyzer.
[$sel:tags:AnalyzerSummary'] :: AnalyzerSummary -> Maybe (HashMap Text Text)

-- | The ARN of the analyzer.
[$sel:arn:AnalyzerSummary'] :: AnalyzerSummary -> Text

-- | The name of the analyzer.
[$sel:name:AnalyzerSummary'] :: AnalyzerSummary -> Text

-- | The type of analyzer, which corresponds to the zone of trust chosen
--   for the analyzer.
[$sel:type':AnalyzerSummary'] :: AnalyzerSummary -> Type

-- | A timestamp for the time at which the analyzer was created.
[$sel:createdAt:AnalyzerSummary'] :: AnalyzerSummary -> ISO8601

-- | The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
[$sel:status:AnalyzerSummary'] :: AnalyzerSummary -> AnalyzerStatus

-- | Create a value of <a>AnalyzerSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:lastResourceAnalyzed:AnalyzerSummary'</a>,
--   <a>analyzerSummary_lastResourceAnalyzed</a> - The resource that was
--   most recently analyzed by the analyzer.
--   
--   <a>$sel:lastResourceAnalyzedAt:AnalyzerSummary'</a>,
--   <a>analyzerSummary_lastResourceAnalyzedAt</a> - The time at which the
--   most recently analyzed resource was analyzed.
--   
--   <a>$sel:statusReason:AnalyzerSummary'</a>,
--   <a>analyzerSummary_statusReason</a> - The <tt>statusReason</tt>
--   provides more details about the current status of the analyzer. For
--   example, if the creation for the analyzer fails, a <tt>Failed</tt>
--   status is returned. For an analyzer with organization as the type,
--   this failure can be due to an issue with creating the service-linked
--   roles required in the member accounts of the Amazon Web Services
--   organization.
--   
--   <a>$sel:tags:AnalyzerSummary'</a>, <a>analyzerSummary_tags</a> - The
--   tags added to the analyzer.
--   
--   <a>$sel:arn:AnalyzerSummary'</a>, <a>analyzerSummary_arn</a> - The ARN
--   of the analyzer.
--   
--   <a>$sel:name:AnalyzerSummary'</a>, <a>analyzerSummary_name</a> - The
--   name of the analyzer.
--   
--   <a>$sel:type':AnalyzerSummary'</a>, <a>analyzerSummary_type</a> - The
--   type of analyzer, which corresponds to the zone of trust chosen for
--   the analyzer.
--   
--   <a>$sel:createdAt:AnalyzerSummary'</a>,
--   <a>analyzerSummary_createdAt</a> - A timestamp for the time at which
--   the analyzer was created.
--   
--   <a>$sel:status:AnalyzerSummary'</a>, <a>analyzerSummary_status</a> -
--   The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
newAnalyzerSummary :: Text -> Text -> Type -> UTCTime -> AnalyzerStatus -> AnalyzerSummary

-- | The resource that was most recently analyzed by the analyzer.
analyzerSummary_lastResourceAnalyzed :: Lens' AnalyzerSummary (Maybe Text)

-- | The time at which the most recently analyzed resource was analyzed.
analyzerSummary_lastResourceAnalyzedAt :: Lens' AnalyzerSummary (Maybe UTCTime)

-- | The <tt>statusReason</tt> provides more details about the current
--   status of the analyzer. For example, if the creation for the analyzer
--   fails, a <tt>Failed</tt> status is returned. For an analyzer with
--   organization as the type, this failure can be due to an issue with
--   creating the service-linked roles required in the member accounts of
--   the Amazon Web Services organization.
analyzerSummary_statusReason :: Lens' AnalyzerSummary (Maybe StatusReason)

-- | The tags added to the analyzer.
analyzerSummary_tags :: Lens' AnalyzerSummary (Maybe (HashMap Text Text))

-- | The ARN of the analyzer.
analyzerSummary_arn :: Lens' AnalyzerSummary Text

-- | The name of the analyzer.
analyzerSummary_name :: Lens' AnalyzerSummary Text

-- | The type of analyzer, which corresponds to the zone of trust chosen
--   for the analyzer.
analyzerSummary_type :: Lens' AnalyzerSummary Type

-- | A timestamp for the time at which the analyzer was created.
analyzerSummary_createdAt :: Lens' AnalyzerSummary UTCTime

-- | The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
analyzerSummary_status :: Lens' AnalyzerSummary AnalyzerStatus

-- | Contains information about an archive rule.
--   
--   <i>See:</i> <a>newArchiveRuleSummary</a> smart constructor.
data ArchiveRuleSummary
ArchiveRuleSummary' :: Text -> HashMap Text Criterion -> ISO8601 -> ISO8601 -> ArchiveRuleSummary

-- | The name of the archive rule.
[$sel:ruleName:ArchiveRuleSummary'] :: ArchiveRuleSummary -> Text

-- | A filter used to define the archive rule.
[$sel:filter':ArchiveRuleSummary'] :: ArchiveRuleSummary -> HashMap Text Criterion

-- | The time at which the archive rule was created.
[$sel:createdAt:ArchiveRuleSummary'] :: ArchiveRuleSummary -> ISO8601

-- | The time at which the archive rule was last updated.
[$sel:updatedAt:ArchiveRuleSummary'] :: ArchiveRuleSummary -> ISO8601

-- | Create a value of <a>ArchiveRuleSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ruleName:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_ruleName</a> - The name of the archive rule.
--   
--   <a>$sel:filter':ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_filter</a> - A filter used to define the archive
--   rule.
--   
--   <a>$sel:createdAt:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_createdAt</a> - The time at which the archive
--   rule was created.
--   
--   <a>$sel:updatedAt:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_updatedAt</a> - The time at which the archive
--   rule was last updated.
newArchiveRuleSummary :: Text -> UTCTime -> UTCTime -> ArchiveRuleSummary

-- | The name of the archive rule.
archiveRuleSummary_ruleName :: Lens' ArchiveRuleSummary Text

-- | A filter used to define the archive rule.
archiveRuleSummary_filter :: Lens' ArchiveRuleSummary (HashMap Text Criterion)

-- | The time at which the archive rule was created.
archiveRuleSummary_createdAt :: Lens' ArchiveRuleSummary UTCTime

-- | The time at which the archive rule was last updated.
archiveRuleSummary_updatedAt :: Lens' ArchiveRuleSummary UTCTime

-- | Contains information about CloudTrail access.
--   
--   <i>See:</i> <a>newCloudTrailDetails</a> smart constructor.
data CloudTrailDetails
CloudTrailDetails' :: Maybe ISO8601 -> [Trail] -> Text -> ISO8601 -> CloudTrailDetails

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
[$sel:endTime:CloudTrailDetails'] :: CloudTrailDetails -> Maybe ISO8601

-- | A <tt>Trail</tt> object that contains settings for a trail.
[$sel:trails:CloudTrailDetails'] :: CloudTrailDetails -> [Trail]

-- | The ARN of the service role that IAM Access Analyzer uses to access
--   your CloudTrail trail and service last accessed information.
[$sel:accessRole:CloudTrailDetails'] :: CloudTrailDetails -> Text

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
[$sel:startTime:CloudTrailDetails'] :: CloudTrailDetails -> ISO8601

-- | Create a value of <a>CloudTrailDetails</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:endTime:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_endTime</a> - The end of the time range for which
--   IAM Access Analyzer reviews your CloudTrail events. Events with a
--   timestamp after this time are not considered to generate a policy. If
--   this is not included in the request, the default value is the current
--   time.
--   
--   <a>$sel:trails:CloudTrailDetails'</a>, <a>cloudTrailDetails_trails</a>
--   - A <tt>Trail</tt> object that contains settings for a trail.
--   
--   <a>$sel:accessRole:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_accessRole</a> - The ARN of the service role that
--   IAM Access Analyzer uses to access your CloudTrail trail and service
--   last accessed information.
--   
--   <a>$sel:startTime:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_startTime</a> - The start of the time range for
--   which IAM Access Analyzer reviews your CloudTrail events. Events with
--   a timestamp before this time are not considered to generate a policy.
newCloudTrailDetails :: Text -> UTCTime -> CloudTrailDetails

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
cloudTrailDetails_endTime :: Lens' CloudTrailDetails (Maybe UTCTime)

-- | A <tt>Trail</tt> object that contains settings for a trail.
cloudTrailDetails_trails :: Lens' CloudTrailDetails [Trail]

-- | The ARN of the service role that IAM Access Analyzer uses to access
--   your CloudTrail trail and service last accessed information.
cloudTrailDetails_accessRole :: Lens' CloudTrailDetails Text

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
cloudTrailDetails_startTime :: Lens' CloudTrailDetails UTCTime

-- | Contains information about CloudTrail access.
--   
--   <i>See:</i> <a>newCloudTrailProperties</a> smart constructor.
data CloudTrailProperties
CloudTrailProperties' :: [TrailProperties] -> ISO8601 -> ISO8601 -> CloudTrailProperties

-- | A <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
[$sel:trailProperties:CloudTrailProperties'] :: CloudTrailProperties -> [TrailProperties]

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
[$sel:startTime:CloudTrailProperties'] :: CloudTrailProperties -> ISO8601

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
[$sel:endTime:CloudTrailProperties'] :: CloudTrailProperties -> ISO8601

-- | Create a value of <a>CloudTrailProperties</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:trailProperties:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_trailProperties</a> - A
--   <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
--   
--   <a>$sel:startTime:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_startTime</a> - The start of the time range
--   for which IAM Access Analyzer reviews your CloudTrail events. Events
--   with a timestamp before this time are not considered to generate a
--   policy.
--   
--   <a>$sel:endTime:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_endTime</a> - The end of the time range for
--   which IAM Access Analyzer reviews your CloudTrail events. Events with
--   a timestamp after this time are not considered to generate a policy.
--   If this is not included in the request, the default value is the
--   current time.
newCloudTrailProperties :: UTCTime -> UTCTime -> CloudTrailProperties

-- | A <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
cloudTrailProperties_trailProperties :: Lens' CloudTrailProperties [TrailProperties]

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
cloudTrailProperties_startTime :: Lens' CloudTrailProperties UTCTime

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
cloudTrailProperties_endTime :: Lens' CloudTrailProperties UTCTime

-- | Access control configuration structures for your resource. You specify
--   the configuration as a type-value pair. You can specify only one type
--   of access control configuration.
--   
--   <i>See:</i> <a>newConfiguration</a> smart constructor.
data Configuration
Configuration' :: Maybe EbsSnapshotConfiguration -> Maybe EcrRepositoryConfiguration -> Maybe EfsFileSystemConfiguration -> Maybe IamRoleConfiguration -> Maybe KmsKeyConfiguration -> Maybe RdsDbClusterSnapshotConfiguration -> Maybe RdsDbSnapshotConfiguration -> Maybe S3BucketConfiguration -> Maybe SecretsManagerSecretConfiguration -> Maybe SnsTopicConfiguration -> Maybe SqsQueueConfiguration -> Configuration

-- | The access control configuration is for an Amazon EBS volume snapshot.
[$sel:ebsSnapshot:Configuration'] :: Configuration -> Maybe EbsSnapshotConfiguration

-- | The access control configuration is for an Amazon ECR repository.
[$sel:ecrRepository:Configuration'] :: Configuration -> Maybe EcrRepositoryConfiguration

-- | The access control configuration is for an Amazon EFS file system.
[$sel:efsFileSystem:Configuration'] :: Configuration -> Maybe EfsFileSystemConfiguration

-- | The access control configuration is for an IAM role.
[$sel:iamRole:Configuration'] :: Configuration -> Maybe IamRoleConfiguration

-- | The access control configuration is for a KMS key.
[$sel:kmsKey:Configuration'] :: Configuration -> Maybe KmsKeyConfiguration

-- | The access control configuration is for an Amazon RDS DB cluster
--   snapshot.
[$sel:rdsDbClusterSnapshot:Configuration'] :: Configuration -> Maybe RdsDbClusterSnapshotConfiguration

-- | The access control configuration is for an Amazon RDS DB snapshot.
[$sel:rdsDbSnapshot:Configuration'] :: Configuration -> Maybe RdsDbSnapshotConfiguration

-- | The access control configuration is for an Amazon S3 Bucket.
[$sel:s3Bucket:Configuration'] :: Configuration -> Maybe S3BucketConfiguration

-- | The access control configuration is for a Secrets Manager secret.
[$sel:secretsManagerSecret:Configuration'] :: Configuration -> Maybe SecretsManagerSecretConfiguration

-- | The access control configuration is for an Amazon SNS topic
[$sel:snsTopic:Configuration'] :: Configuration -> Maybe SnsTopicConfiguration

-- | The access control configuration is for an Amazon SQS queue.
[$sel:sqsQueue:Configuration'] :: Configuration -> Maybe SqsQueueConfiguration

-- | Create a value of <a>Configuration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ebsSnapshot:Configuration'</a>,
--   <a>configuration_ebsSnapshot</a> - The access control configuration is
--   for an Amazon EBS volume snapshot.
--   
--   <a>$sel:ecrRepository:Configuration'</a>,
--   <a>configuration_ecrRepository</a> - The access control configuration
--   is for an Amazon ECR repository.
--   
--   <a>$sel:efsFileSystem:Configuration'</a>,
--   <a>configuration_efsFileSystem</a> - The access control configuration
--   is for an Amazon EFS file system.
--   
--   <a>$sel:iamRole:Configuration'</a>, <a>configuration_iamRole</a> - The
--   access control configuration is for an IAM role.
--   
--   <a>$sel:kmsKey:Configuration'</a>, <a>configuration_kmsKey</a> - The
--   access control configuration is for a KMS key.
--   
--   <a>$sel:rdsDbClusterSnapshot:Configuration'</a>,
--   <a>configuration_rdsDbClusterSnapshot</a> - The access control
--   configuration is for an Amazon RDS DB cluster snapshot.
--   
--   <a>$sel:rdsDbSnapshot:Configuration'</a>,
--   <a>configuration_rdsDbSnapshot</a> - The access control configuration
--   is for an Amazon RDS DB snapshot.
--   
--   <a>$sel:s3Bucket:Configuration'</a>, <a>configuration_s3Bucket</a> -
--   The access control configuration is for an Amazon S3 Bucket.
--   
--   <a>$sel:secretsManagerSecret:Configuration'</a>,
--   <a>configuration_secretsManagerSecret</a> - The access control
--   configuration is for a Secrets Manager secret.
--   
--   <a>$sel:snsTopic:Configuration'</a>, <a>configuration_snsTopic</a> -
--   The access control configuration is for an Amazon SNS topic
--   
--   <a>$sel:sqsQueue:Configuration'</a>, <a>configuration_sqsQueue</a> -
--   The access control configuration is for an Amazon SQS queue.
newConfiguration :: Configuration

-- | The access control configuration is for an Amazon EBS volume snapshot.
configuration_ebsSnapshot :: Lens' Configuration (Maybe EbsSnapshotConfiguration)

-- | The access control configuration is for an Amazon ECR repository.
configuration_ecrRepository :: Lens' Configuration (Maybe EcrRepositoryConfiguration)

-- | The access control configuration is for an Amazon EFS file system.
configuration_efsFileSystem :: Lens' Configuration (Maybe EfsFileSystemConfiguration)

-- | The access control configuration is for an IAM role.
configuration_iamRole :: Lens' Configuration (Maybe IamRoleConfiguration)

-- | The access control configuration is for a KMS key.
configuration_kmsKey :: Lens' Configuration (Maybe KmsKeyConfiguration)

-- | The access control configuration is for an Amazon RDS DB cluster
--   snapshot.
configuration_rdsDbClusterSnapshot :: Lens' Configuration (Maybe RdsDbClusterSnapshotConfiguration)

-- | The access control configuration is for an Amazon RDS DB snapshot.
configuration_rdsDbSnapshot :: Lens' Configuration (Maybe RdsDbSnapshotConfiguration)

-- | The access control configuration is for an Amazon S3 Bucket.
configuration_s3Bucket :: Lens' Configuration (Maybe S3BucketConfiguration)

-- | The access control configuration is for a Secrets Manager secret.
configuration_secretsManagerSecret :: Lens' Configuration (Maybe SecretsManagerSecretConfiguration)

-- | The access control configuration is for an Amazon SNS topic
configuration_snsTopic :: Lens' Configuration (Maybe SnsTopicConfiguration)

-- | The access control configuration is for an Amazon SQS queue.
configuration_sqsQueue :: Lens' Configuration (Maybe SqsQueueConfiguration)

-- | The criteria to use in the filter that defines the archive rule. For
--   more information on available filter keys, see <a>IAM Access Analyzer
--   filter keys</a>.
--   
--   <i>See:</i> <a>newCriterion</a> smart constructor.
data Criterion
Criterion' :: Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe Bool -> Maybe (NonEmpty Text) -> Criterion

-- | A "contains" operator to match for the filter used to create the rule.
[$sel:contains:Criterion'] :: Criterion -> Maybe (NonEmpty Text)

-- | An "equals" operator to match for the filter used to create the rule.
[$sel:eq:Criterion'] :: Criterion -> Maybe (NonEmpty Text)

-- | An "exists" operator to match for the filter used to create the rule.
[$sel:exists:Criterion'] :: Criterion -> Maybe Bool

-- | A "not equals" operator to match for the filter used to create the
--   rule.
[$sel:neq:Criterion'] :: Criterion -> Maybe (NonEmpty Text)

-- | Create a value of <a>Criterion</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:contains:Criterion'</a>, <a>criterion_contains</a> - A
--   "contains" operator to match for the filter used to create the rule.
--   
--   <a>$sel:eq:Criterion'</a>, <a>criterion_eq</a> - An "equals" operator
--   to match for the filter used to create the rule.
--   
--   <a>$sel:exists:Criterion'</a>, <a>criterion_exists</a> - An "exists"
--   operator to match for the filter used to create the rule.
--   
--   <a>$sel:neq:Criterion'</a>, <a>criterion_neq</a> - A "not equals"
--   operator to match for the filter used to create the rule.
newCriterion :: Criterion

-- | A "contains" operator to match for the filter used to create the rule.
criterion_contains :: Lens' Criterion (Maybe (NonEmpty Text))

-- | An "equals" operator to match for the filter used to create the rule.
criterion_eq :: Lens' Criterion (Maybe (NonEmpty Text))

-- | An "exists" operator to match for the filter used to create the rule.
criterion_exists :: Lens' Criterion (Maybe Bool)

-- | A "not equals" operator to match for the filter used to create the
--   rule.
criterion_neq :: Lens' Criterion (Maybe (NonEmpty Text))

-- | The proposed access control configuration for an Amazon EBS volume
--   snapshot. You can propose a configuration for a new Amazon EBS volume
--   snapshot or an Amazon EBS volume snapshot that you own by specifying
--   the user IDs, groups, and optional KMS encryption key. For more
--   information, see <a>ModifySnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newEbsSnapshotConfiguration</a> smart constructor.
data EbsSnapshotConfiguration
EbsSnapshotConfiguration' :: Maybe [Text] -> Maybe Text -> Maybe [Text] -> EbsSnapshotConfiguration

-- | The groups that have access to the Amazon EBS volume snapshot. If the
--   value <tt>all</tt> is specified, then the Amazon EBS volume snapshot
--   is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
[$sel:groups:EbsSnapshotConfiguration'] :: EbsSnapshotConfiguration -> Maybe [Text]

-- | The KMS key identifier for an encrypted Amazon EBS volume snapshot.
--   The KMS key identifier is the key ARN, key ID, alias ARN, or alias
--   name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
[$sel:kmsKeyId:EbsSnapshotConfiguration'] :: EbsSnapshotConfiguration -> Maybe Text

-- | The IDs of the Amazon Web Services accounts that have access to the
--   Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
[$sel:userIds:EbsSnapshotConfiguration'] :: EbsSnapshotConfiguration -> Maybe [Text]

-- | Create a value of <a>EbsSnapshotConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:groups:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_groups</a> - The groups that have access
--   to the Amazon EBS volume snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon EBS volume snapshot is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
--   
--   <a>$sel:kmsKeyId:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_kmsKeyId</a> - The KMS key identifier for
--   an encrypted Amazon EBS volume snapshot. The KMS key identifier is the
--   key ARN, key ID, alias ARN, or alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
--   
--   <a>$sel:userIds:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_userIds</a> - The IDs of the Amazon Web
--   Services accounts that have access to the Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
newEbsSnapshotConfiguration :: EbsSnapshotConfiguration

-- | The groups that have access to the Amazon EBS volume snapshot. If the
--   value <tt>all</tt> is specified, then the Amazon EBS volume snapshot
--   is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
ebsSnapshotConfiguration_groups :: Lens' EbsSnapshotConfiguration (Maybe [Text])

-- | The KMS key identifier for an encrypted Amazon EBS volume snapshot.
--   The KMS key identifier is the key ARN, key ID, alias ARN, or alias
--   name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
ebsSnapshotConfiguration_kmsKeyId :: Lens' EbsSnapshotConfiguration (Maybe Text)

-- | The IDs of the Amazon Web Services accounts that have access to the
--   Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
ebsSnapshotConfiguration_userIds :: Lens' EbsSnapshotConfiguration (Maybe [Text])

-- | The proposed access control configuration for an Amazon ECR
--   repository. You can propose a configuration for a new Amazon ECR
--   repository or an existing Amazon ECR repository that you own by
--   specifying the Amazon ECR policy. For more information, see
--   <a>Repository</a>.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon ECR repository and
--   you do not specify the Amazon ECR policy, then the access preview uses
--   the existing Amazon ECR policy for the repository.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the policy, then the access preview assumes an Amazon ECR repository
--   without a policy.</li>
--   <li>To propose deletion of an existing Amazon ECR repository policy,
--   you can specify an empty string for the Amazon ECR policy.</li>
--   </ul>
--   
--   <i>See:</i> <a>newEcrRepositoryConfiguration</a> smart constructor.
data EcrRepositoryConfiguration
EcrRepositoryConfiguration' :: Maybe Text -> EcrRepositoryConfiguration

-- | The JSON repository policy text to apply to the Amazon ECR repository.
--   For more information, see <a>Private repository policy examples</a> in
--   the <i>Amazon ECR User Guide</i>.
[$sel:repositoryPolicy:EcrRepositoryConfiguration'] :: EcrRepositoryConfiguration -> Maybe Text

-- | Create a value of <a>EcrRepositoryConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:repositoryPolicy:EcrRepositoryConfiguration'</a>,
--   <a>ecrRepositoryConfiguration_repositoryPolicy</a> - The JSON
--   repository policy text to apply to the Amazon ECR repository. For more
--   information, see <a>Private repository policy examples</a> in the
--   <i>Amazon ECR User Guide</i>.
newEcrRepositoryConfiguration :: EcrRepositoryConfiguration

-- | The JSON repository policy text to apply to the Amazon ECR repository.
--   For more information, see <a>Private repository policy examples</a> in
--   the <i>Amazon ECR User Guide</i>.
ecrRepositoryConfiguration_repositoryPolicy :: Lens' EcrRepositoryConfiguration (Maybe Text)

-- | The proposed access control configuration for an Amazon EFS file
--   system. You can propose a configuration for a new Amazon EFS file
--   system or an existing Amazon EFS file system that you own by
--   specifying the Amazon EFS policy. For more information, see <a>Using
--   file systems in Amazon EFS</a>.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EFS file system and
--   you do not specify the Amazon EFS policy, then the access preview uses
--   the existing Amazon EFS policy for the file system.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the policy, then the access preview assumes an Amazon EFS file system
--   without a policy.</li>
--   <li>To propose deletion of an existing Amazon EFS file system policy,
--   you can specify an empty string for the Amazon EFS policy.</li>
--   </ul>
--   
--   <i>See:</i> <a>newEfsFileSystemConfiguration</a> smart constructor.
data EfsFileSystemConfiguration
EfsFileSystemConfiguration' :: Maybe Text -> EfsFileSystemConfiguration

-- | The JSON policy definition to apply to the Amazon EFS file system. For
--   more information on the elements that make up a file system policy,
--   see <a>Amazon EFS Resource-based policies</a>.
[$sel:fileSystemPolicy:EfsFileSystemConfiguration'] :: EfsFileSystemConfiguration -> Maybe Text

-- | Create a value of <a>EfsFileSystemConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:fileSystemPolicy:EfsFileSystemConfiguration'</a>,
--   <a>efsFileSystemConfiguration_fileSystemPolicy</a> - The JSON policy
--   definition to apply to the Amazon EFS file system. For more
--   information on the elements that make up a file system policy, see
--   <a>Amazon EFS Resource-based policies</a>.
newEfsFileSystemConfiguration :: EfsFileSystemConfiguration

-- | The JSON policy definition to apply to the Amazon EFS file system. For
--   more information on the elements that make up a file system policy,
--   see <a>Amazon EFS Resource-based policies</a>.
efsFileSystemConfiguration_fileSystemPolicy :: Lens' EfsFileSystemConfiguration (Maybe Text)

-- | Contains information about a finding.
--   
--   <i>See:</i> <a>newFinding</a> smart constructor.
data Finding
Finding' :: Maybe [Text] -> Maybe Text -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> HashMap Text Text -> ISO8601 -> ISO8601 -> ISO8601 -> FindingStatus -> Text -> Finding

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
[$sel:action:Finding'] :: Finding -> Maybe [Text]

-- | An error.
[$sel:error:Finding'] :: Finding -> Maybe Text

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
[$sel:isPublic:Finding'] :: Finding -> Maybe Bool

-- | The external principal that access to a resource within the zone of
--   trust.
[$sel:principal:Finding'] :: Finding -> Maybe (HashMap Text Text)

-- | The resource that an external principal has access to.
[$sel:resource:Finding'] :: Finding -> Maybe Text

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
[$sel:sources:Finding'] :: Finding -> Maybe [FindingSource]

-- | The ID of the finding.
[$sel:id:Finding'] :: Finding -> Text

-- | The type of the resource identified in the finding.
[$sel:resourceType:Finding'] :: Finding -> ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
[$sel:condition:Finding'] :: Finding -> HashMap Text Text

-- | The time at which the finding was generated.
[$sel:createdAt:Finding'] :: Finding -> ISO8601

-- | The time at which the resource was analyzed.
[$sel:analyzedAt:Finding'] :: Finding -> ISO8601

-- | The time at which the finding was updated.
[$sel:updatedAt:Finding'] :: Finding -> ISO8601

-- | The current status of the finding.
[$sel:status:Finding'] :: Finding -> FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:Finding'] :: Finding -> Text

-- | Create a value of <a>Finding</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:Finding'</a>, <a>finding_action</a> - The action in the
--   analyzed policy statement that an external principal has permission to
--   use.
--   
--   <a>$sel:error:Finding'</a>, <a>finding_error</a> - An error.
--   
--   <a>$sel:isPublic:Finding'</a>, <a>finding_isPublic</a> - Indicates
--   whether the policy that generated the finding allows public access to
--   the resource.
--   
--   <a>$sel:principal:Finding'</a>, <a>finding_principal</a> - The
--   external principal that access to a resource within the zone of trust.
--   
--   <a>$sel:resource:Finding'</a>, <a>finding_resource</a> - The resource
--   that an external principal has access to.
--   
--   <a>$sel:sources:Finding'</a>, <a>finding_sources</a> - The sources of
--   the finding. This indicates how the access that generated the finding
--   is granted. It is populated for Amazon S3 bucket findings.
--   
--   <a>$sel:id:Finding'</a>, <a>finding_id</a> - The ID of the finding.
--   
--   <a>$sel:resourceType:Finding'</a>, <a>finding_resourceType</a> - The
--   type of the resource identified in the finding.
--   
--   <a>$sel:condition:Finding'</a>, <a>finding_condition</a> - The
--   condition in the analyzed policy statement that resulted in a finding.
--   
--   <a>$sel:createdAt:Finding'</a>, <a>finding_createdAt</a> - The time at
--   which the finding was generated.
--   
--   <a>$sel:analyzedAt:Finding'</a>, <a>finding_analyzedAt</a> - The time
--   at which the resource was analyzed.
--   
--   <a>$sel:updatedAt:Finding'</a>, <a>finding_updatedAt</a> - The time at
--   which the finding was updated.
--   
--   <a>$sel:status:Finding'</a>, <a>finding_status</a> - The current
--   status of the finding.
--   
--   <a>$sel:resourceOwnerAccount:Finding'</a>,
--   <a>finding_resourceOwnerAccount</a> - The Amazon Web Services account
--   ID that owns the resource.
newFinding :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> FindingStatus -> Text -> Finding

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
finding_action :: Lens' Finding (Maybe [Text])

-- | An error.
finding_error :: Lens' Finding (Maybe Text)

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
finding_isPublic :: Lens' Finding (Maybe Bool)

-- | The external principal that access to a resource within the zone of
--   trust.
finding_principal :: Lens' Finding (Maybe (HashMap Text Text))

-- | The resource that an external principal has access to.
finding_resource :: Lens' Finding (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
finding_sources :: Lens' Finding (Maybe [FindingSource])

-- | The ID of the finding.
finding_id :: Lens' Finding Text

-- | The type of the resource identified in the finding.
finding_resourceType :: Lens' Finding ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
finding_condition :: Lens' Finding (HashMap Text Text)

-- | The time at which the finding was generated.
finding_createdAt :: Lens' Finding UTCTime

-- | The time at which the resource was analyzed.
finding_analyzedAt :: Lens' Finding UTCTime

-- | The time at which the finding was updated.
finding_updatedAt :: Lens' Finding UTCTime

-- | The current status of the finding.
finding_status :: Lens' Finding FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
finding_resourceOwnerAccount :: Lens' Finding Text

-- | The source of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
--   
--   <i>See:</i> <a>newFindingSource</a> smart constructor.
data FindingSource
FindingSource' :: Maybe FindingSourceDetail -> FindingSourceType -> FindingSource

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
[$sel:detail:FindingSource'] :: FindingSource -> Maybe FindingSourceDetail

-- | Indicates the type of access that generated the finding.
[$sel:type':FindingSource'] :: FindingSource -> FindingSourceType

-- | Create a value of <a>FindingSource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:detail:FindingSource'</a>, <a>findingSource_detail</a> -
--   Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
--   
--   <a>$sel:type':FindingSource'</a>, <a>findingSource_type</a> -
--   Indicates the type of access that generated the finding.
newFindingSource :: FindingSourceType -> FindingSource

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
findingSource_detail :: Lens' FindingSource (Maybe FindingSourceDetail)

-- | Indicates the type of access that generated the finding.
findingSource_type :: Lens' FindingSource FindingSourceType

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
--   
--   <i>See:</i> <a>newFindingSourceDetail</a> smart constructor.
data FindingSourceDetail
FindingSourceDetail' :: Maybe Text -> Maybe Text -> FindingSourceDetail

-- | The account of the cross-account access point that generated the
--   finding.
[$sel:accessPointAccount:FindingSourceDetail'] :: FindingSourceDetail -> Maybe Text

-- | The ARN of the access point that generated the finding. The ARN format
--   depends on whether the ARN represents an access point or a
--   multi-region access point.
[$sel:accessPointArn:FindingSourceDetail'] :: FindingSourceDetail -> Maybe Text

-- | Create a value of <a>FindingSourceDetail</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPointAccount:FindingSourceDetail'</a>,
--   <a>findingSourceDetail_accessPointAccount</a> - The account of the
--   cross-account access point that generated the finding.
--   
--   <a>$sel:accessPointArn:FindingSourceDetail'</a>,
--   <a>findingSourceDetail_accessPointArn</a> - The ARN of the access
--   point that generated the finding. The ARN format depends on whether
--   the ARN represents an access point or a multi-region access point.
newFindingSourceDetail :: FindingSourceDetail

-- | The account of the cross-account access point that generated the
--   finding.
findingSourceDetail_accessPointAccount :: Lens' FindingSourceDetail (Maybe Text)

-- | The ARN of the access point that generated the finding. The ARN format
--   depends on whether the ARN represents an access point or a
--   multi-region access point.
findingSourceDetail_accessPointArn :: Lens' FindingSourceDetail (Maybe Text)

-- | Contains information about a finding.
--   
--   <i>See:</i> <a>newFindingSummary</a> smart constructor.
data FindingSummary
FindingSummary' :: Maybe [Text] -> Maybe Text -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> HashMap Text Text -> ISO8601 -> ISO8601 -> ISO8601 -> FindingStatus -> Text -> FindingSummary

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
[$sel:action:FindingSummary'] :: FindingSummary -> Maybe [Text]

-- | The error that resulted in an Error finding.
[$sel:error:FindingSummary'] :: FindingSummary -> Maybe Text

-- | Indicates whether the finding reports a resource that has a policy
--   that allows public access.
[$sel:isPublic:FindingSummary'] :: FindingSummary -> Maybe Bool

-- | The external principal that has access to a resource within the zone
--   of trust.
[$sel:principal:FindingSummary'] :: FindingSummary -> Maybe (HashMap Text Text)

-- | The resource that the external principal has access to.
[$sel:resource:FindingSummary'] :: FindingSummary -> Maybe Text

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
[$sel:sources:FindingSummary'] :: FindingSummary -> Maybe [FindingSource]

-- | The ID of the finding.
[$sel:id:FindingSummary'] :: FindingSummary -> Text

-- | The type of the resource that the external principal has access to.
[$sel:resourceType:FindingSummary'] :: FindingSummary -> ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
[$sel:condition:FindingSummary'] :: FindingSummary -> HashMap Text Text

-- | The time at which the finding was created.
[$sel:createdAt:FindingSummary'] :: FindingSummary -> ISO8601

-- | The time at which the resource-based policy that generated the finding
--   was analyzed.
[$sel:analyzedAt:FindingSummary'] :: FindingSummary -> ISO8601

-- | The time at which the finding was most recently updated.
[$sel:updatedAt:FindingSummary'] :: FindingSummary -> ISO8601

-- | The status of the finding.
[$sel:status:FindingSummary'] :: FindingSummary -> FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
[$sel:resourceOwnerAccount:FindingSummary'] :: FindingSummary -> Text

-- | Create a value of <a>FindingSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:FindingSummary'</a>, <a>findingSummary_action</a> - The
--   action in the analyzed policy statement that an external principal has
--   permission to use.
--   
--   <a>$sel:error:FindingSummary'</a>, <a>findingSummary_error</a> - The
--   error that resulted in an Error finding.
--   
--   <a>$sel:isPublic:FindingSummary'</a>, <a>findingSummary_isPublic</a> -
--   Indicates whether the finding reports a resource that has a policy
--   that allows public access.
--   
--   <a>$sel:principal:FindingSummary'</a>, <a>findingSummary_principal</a>
--   - The external principal that has access to a resource within the zone
--   of trust.
--   
--   <a>$sel:resource:FindingSummary'</a>, <a>findingSummary_resource</a> -
--   The resource that the external principal has access to.
--   
--   <a>$sel:sources:FindingSummary'</a>, <a>findingSummary_sources</a> -
--   The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
--   
--   <a>$sel:id:FindingSummary'</a>, <a>findingSummary_id</a> - The ID of
--   the finding.
--   
--   <a>$sel:resourceType:FindingSummary'</a>,
--   <a>findingSummary_resourceType</a> - The type of the resource that the
--   external principal has access to.
--   
--   <a>$sel:condition:FindingSummary'</a>, <a>findingSummary_condition</a>
--   - The condition in the analyzed policy statement that resulted in a
--   finding.
--   
--   <a>$sel:createdAt:FindingSummary'</a>, <a>findingSummary_createdAt</a>
--   - The time at which the finding was created.
--   
--   <a>$sel:analyzedAt:FindingSummary'</a>,
--   <a>findingSummary_analyzedAt</a> - The time at which the
--   resource-based policy that generated the finding was analyzed.
--   
--   <a>$sel:updatedAt:FindingSummary'</a>, <a>findingSummary_updatedAt</a>
--   - The time at which the finding was most recently updated.
--   
--   <a>$sel:status:FindingSummary'</a>, <a>findingSummary_status</a> - The
--   status of the finding.
--   
--   <a>$sel:resourceOwnerAccount:FindingSummary'</a>,
--   <a>findingSummary_resourceOwnerAccount</a> - The Amazon Web Services
--   account ID that owns the resource.
newFindingSummary :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> FindingStatus -> Text -> FindingSummary

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
findingSummary_action :: Lens' FindingSummary (Maybe [Text])

-- | The error that resulted in an Error finding.
findingSummary_error :: Lens' FindingSummary (Maybe Text)

-- | Indicates whether the finding reports a resource that has a policy
--   that allows public access.
findingSummary_isPublic :: Lens' FindingSummary (Maybe Bool)

-- | The external principal that has access to a resource within the zone
--   of trust.
findingSummary_principal :: Lens' FindingSummary (Maybe (HashMap Text Text))

-- | The resource that the external principal has access to.
findingSummary_resource :: Lens' FindingSummary (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
findingSummary_sources :: Lens' FindingSummary (Maybe [FindingSource])

-- | The ID of the finding.
findingSummary_id :: Lens' FindingSummary Text

-- | The type of the resource that the external principal has access to.
findingSummary_resourceType :: Lens' FindingSummary ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
findingSummary_condition :: Lens' FindingSummary (HashMap Text Text)

-- | The time at which the finding was created.
findingSummary_createdAt :: Lens' FindingSummary UTCTime

-- | The time at which the resource-based policy that generated the finding
--   was analyzed.
findingSummary_analyzedAt :: Lens' FindingSummary UTCTime

-- | The time at which the finding was most recently updated.
findingSummary_updatedAt :: Lens' FindingSummary UTCTime

-- | The status of the finding.
findingSummary_status :: Lens' FindingSummary FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
findingSummary_resourceOwnerAccount :: Lens' FindingSummary Text

-- | Contains the text for the generated policy.
--   
--   <i>See:</i> <a>newGeneratedPolicy</a> smart constructor.
data GeneratedPolicy
GeneratedPolicy' :: Text -> GeneratedPolicy

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
[$sel:policy:GeneratedPolicy'] :: GeneratedPolicy -> Text

-- | Create a value of <a>GeneratedPolicy</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:policy:GeneratedPolicy'</a>, <a>generatedPolicy_policy</a> -
--   The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
newGeneratedPolicy :: Text -> GeneratedPolicy

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
generatedPolicy_policy :: Lens' GeneratedPolicy Text

-- | Contains the generated policy details.
--   
--   <i>See:</i> <a>newGeneratedPolicyProperties</a> smart constructor.
data GeneratedPolicyProperties
GeneratedPolicyProperties' :: Maybe CloudTrailProperties -> Maybe Bool -> Text -> GeneratedPolicyProperties

-- | Lists details about the <tt>Trail</tt> used to generated policy.
[$sel:cloudTrailProperties:GeneratedPolicyProperties'] :: GeneratedPolicyProperties -> Maybe CloudTrailProperties

-- | This value is set to <tt>true</tt> if the generated policy contains
--   all possible actions for a service that IAM Access Analyzer identified
--   from the CloudTrail trail that you specified, and <tt>false</tt>
--   otherwise.
[$sel:isComplete:GeneratedPolicyProperties'] :: GeneratedPolicyProperties -> Maybe Bool

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
[$sel:principalArn:GeneratedPolicyProperties'] :: GeneratedPolicyProperties -> Text

-- | Create a value of <a>GeneratedPolicyProperties</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:cloudTrailProperties:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_cloudTrailProperties</a> - Lists details
--   about the <tt>Trail</tt> used to generated policy.
--   
--   <a>$sel:isComplete:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_isComplete</a> - This value is set to
--   <tt>true</tt> if the generated policy contains all possible actions
--   for a service that IAM Access Analyzer identified from the CloudTrail
--   trail that you specified, and <tt>false</tt> otherwise.
--   
--   <a>$sel:principalArn:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_principalArn</a> - The ARN of the IAM
--   entity (user or role) for which you are generating a policy.
newGeneratedPolicyProperties :: Text -> GeneratedPolicyProperties

-- | Lists details about the <tt>Trail</tt> used to generated policy.
generatedPolicyProperties_cloudTrailProperties :: Lens' GeneratedPolicyProperties (Maybe CloudTrailProperties)

-- | This value is set to <tt>true</tt> if the generated policy contains
--   all possible actions for a service that IAM Access Analyzer identified
--   from the CloudTrail trail that you specified, and <tt>false</tt>
--   otherwise.
generatedPolicyProperties_isComplete :: Lens' GeneratedPolicyProperties (Maybe Bool)

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
generatedPolicyProperties_principalArn :: Lens' GeneratedPolicyProperties Text

-- | Contains the text for the generated policy and its details.
--   
--   <i>See:</i> <a>newGeneratedPolicyResult</a> smart constructor.
data GeneratedPolicyResult
GeneratedPolicyResult' :: Maybe [GeneratedPolicy] -> GeneratedPolicyProperties -> GeneratedPolicyResult

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
[$sel:generatedPolicies:GeneratedPolicyResult'] :: GeneratedPolicyResult -> Maybe [GeneratedPolicy]

-- | A <tt>GeneratedPolicyProperties</tt> object that contains properties
--   of the generated policy.
[$sel:properties:GeneratedPolicyResult'] :: GeneratedPolicyResult -> GeneratedPolicyProperties

-- | Create a value of <a>GeneratedPolicyResult</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:generatedPolicies:GeneratedPolicyResult'</a>,
--   <a>generatedPolicyResult_generatedPolicies</a> - The text to use as
--   the content for the new policy. The policy is created using the
--   <a>CreatePolicy</a> action.
--   
--   <a>$sel:properties:GeneratedPolicyResult'</a>,
--   <a>generatedPolicyResult_properties</a> - A
--   <tt>GeneratedPolicyProperties</tt> object that contains properties of
--   the generated policy.
newGeneratedPolicyResult :: GeneratedPolicyProperties -> GeneratedPolicyResult

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
generatedPolicyResult_generatedPolicies :: Lens' GeneratedPolicyResult (Maybe [GeneratedPolicy])

-- | A <tt>GeneratedPolicyProperties</tt> object that contains properties
--   of the generated policy.
generatedPolicyResult_properties :: Lens' GeneratedPolicyResult GeneratedPolicyProperties

-- | The proposed access control configuration for an IAM role. You can
--   propose a configuration for a new IAM role or an existing IAM role
--   that you own by specifying the trust policy. If the configuration is
--   for a new IAM role, you must specify the trust policy. If the
--   configuration is for an existing IAM role that you own and you do not
--   propose the trust policy, the access preview uses the existing trust
--   policy for the role. The proposed trust policy cannot be an empty
--   string. For more information about role trust policy limits, see
--   <a>IAM and STS quotas</a>.
--   
--   <i>See:</i> <a>newIamRoleConfiguration</a> smart constructor.
data IamRoleConfiguration
IamRoleConfiguration' :: Maybe Text -> IamRoleConfiguration

-- | The proposed trust policy for the IAM role.
[$sel:trustPolicy:IamRoleConfiguration'] :: IamRoleConfiguration -> Maybe Text

-- | Create a value of <a>IamRoleConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:trustPolicy:IamRoleConfiguration'</a>,
--   <a>iamRoleConfiguration_trustPolicy</a> - The proposed trust policy
--   for the IAM role.
newIamRoleConfiguration :: IamRoleConfiguration

-- | The proposed trust policy for the IAM role.
iamRoleConfiguration_trustPolicy :: Lens' IamRoleConfiguration (Maybe Text)

-- | An criterion statement in an archive rule. Each archive rule may have
--   multiple criteria.
--   
--   <i>See:</i> <a>newInlineArchiveRule</a> smart constructor.
data InlineArchiveRule
InlineArchiveRule' :: Text -> HashMap Text Criterion -> InlineArchiveRule

-- | The name of the rule.
[$sel:ruleName:InlineArchiveRule'] :: InlineArchiveRule -> Text

-- | The condition and values for a criterion.
[$sel:filter':InlineArchiveRule'] :: InlineArchiveRule -> HashMap Text Criterion

-- | Create a value of <a>InlineArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ruleName:InlineArchiveRule'</a>,
--   <a>inlineArchiveRule_ruleName</a> - The name of the rule.
--   
--   <a>$sel:filter':InlineArchiveRule'</a>,
--   <a>inlineArchiveRule_filter</a> - The condition and values for a
--   criterion.
newInlineArchiveRule :: Text -> InlineArchiveRule

-- | The name of the rule.
inlineArchiveRule_ruleName :: Lens' InlineArchiveRule Text

-- | The condition and values for a criterion.
inlineArchiveRule_filter :: Lens' InlineArchiveRule (HashMap Text Criterion)

-- | This configuration sets the network origin for the Amazon S3 access
--   point or multi-region access point to <tt>Internet</tt>.
--   
--   <i>See:</i> <a>newInternetConfiguration</a> smart constructor.
data InternetConfiguration
InternetConfiguration' :: InternetConfiguration

-- | Create a value of <a>InternetConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newInternetConfiguration :: InternetConfiguration

-- | Contains details about the policy generation request.
--   
--   <i>See:</i> <a>newJobDetails</a> smart constructor.
data JobDetails
JobDetails' :: Maybe ISO8601 -> Maybe JobError -> Text -> JobStatus -> ISO8601 -> JobDetails

-- | A timestamp of when the job was completed.
[$sel:completedOn:JobDetails'] :: JobDetails -> Maybe ISO8601

-- | The job error for the policy generation request.
[$sel:jobError:JobDetails'] :: JobDetails -> Maybe JobError

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
[$sel:jobId:JobDetails'] :: JobDetails -> Text

-- | The status of the job request.
[$sel:status:JobDetails'] :: JobDetails -> JobStatus

-- | A timestamp of when the job was started.
[$sel:startedOn:JobDetails'] :: JobDetails -> ISO8601

-- | Create a value of <a>JobDetails</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:completedOn:JobDetails'</a>, <a>jobDetails_completedOn</a> - A
--   timestamp of when the job was completed.
--   
--   <a>$sel:jobError:JobDetails'</a>, <a>jobDetails_jobError</a> - The job
--   error for the policy generation request.
--   
--   <a>$sel:jobId:JobDetails'</a>, <a>jobDetails_jobId</a> - The
--   <tt>JobId</tt> that is returned by the <tt>StartPolicyGeneration</tt>
--   operation. The <tt>JobId</tt> can be used with
--   <tt>GetGeneratedPolicy</tt> to retrieve the generated policies or used
--   with <tt>CancelPolicyGeneration</tt> to cancel the policy generation
--   request.
--   
--   <a>$sel:status:JobDetails'</a>, <a>jobDetails_status</a> - The status
--   of the job request.
--   
--   <a>$sel:startedOn:JobDetails'</a>, <a>jobDetails_startedOn</a> - A
--   timestamp of when the job was started.
newJobDetails :: Text -> JobStatus -> UTCTime -> JobDetails

-- | A timestamp of when the job was completed.
jobDetails_completedOn :: Lens' JobDetails (Maybe UTCTime)

-- | The job error for the policy generation request.
jobDetails_jobError :: Lens' JobDetails (Maybe JobError)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
jobDetails_jobId :: Lens' JobDetails Text

-- | The status of the job request.
jobDetails_status :: Lens' JobDetails JobStatus

-- | A timestamp of when the job was started.
jobDetails_startedOn :: Lens' JobDetails UTCTime

-- | Contains the details about the policy generation error.
--   
--   <i>See:</i> <a>newJobError</a> smart constructor.
data JobError
JobError' :: JobErrorCode -> Text -> JobError

-- | The job error code.
[$sel:code:JobError'] :: JobError -> JobErrorCode

-- | Specific information about the error. For example, which service quota
--   was exceeded or which resource was not found.
[$sel:message:JobError'] :: JobError -> Text

-- | Create a value of <a>JobError</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:JobError'</a>, <a>jobError_code</a> - The job error code.
--   
--   <a>$sel:message:JobError'</a>, <a>jobError_message</a> - Specific
--   information about the error. For example, which service quota was
--   exceeded or which resource was not found.
newJobError :: JobErrorCode -> Text -> JobError

-- | The job error code.
jobError_code :: Lens' JobError JobErrorCode

-- | Specific information about the error. For example, which service quota
--   was exceeded or which resource was not found.
jobError_message :: Lens' JobError Text

-- | A proposed grant configuration for a KMS key. For more information,
--   see <a>CreateGrant</a>.
--   
--   <i>See:</i> <a>newKmsGrantConfiguration</a> smart constructor.
data KmsGrantConfiguration
KmsGrantConfiguration' :: Maybe KmsGrantConstraints -> Maybe Text -> [KmsGrantOperation] -> Text -> Text -> KmsGrantConfiguration

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>.
[$sel:constraints:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Maybe KmsGrantConstraints

-- | The principal that is given permission to retire the grant by using
--   <a>RetireGrant</a> operation.
[$sel:retiringPrincipal:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Maybe Text

-- | A list of operations that the grant permits.
[$sel:operations:KmsGrantConfiguration'] :: KmsGrantConfiguration -> [KmsGrantOperation]

-- | The principal that is given permission to perform the operations that
--   the grant permits.
[$sel:granteePrincipal:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Text

-- | The Amazon Web Services account under which the grant was issued. The
--   account is used to propose KMS grants issued by accounts other than
--   the owner of the key.
[$sel:issuingAccount:KmsGrantConfiguration'] :: KmsGrantConfiguration -> Text

-- | Create a value of <a>KmsGrantConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:constraints:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_constraints</a> - Use this structure to
--   propose allowing <a>cryptographic operations</a> in the grant only
--   when the operation request includes the specified <a>encryption
--   context</a>.
--   
--   <a>$sel:retiringPrincipal:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_retiringPrincipal</a> - The principal that is
--   given permission to retire the grant by using <a>RetireGrant</a>
--   operation.
--   
--   <a>$sel:operations:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_operations</a> - A list of operations that
--   the grant permits.
--   
--   <a>$sel:granteePrincipal:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_granteePrincipal</a> - The principal that is
--   given permission to perform the operations that the grant permits.
--   
--   <a>$sel:issuingAccount:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_issuingAccount</a> - The Amazon Web Services
--   account under which the grant was issued. The account is used to
--   propose KMS grants issued by accounts other than the owner of the key.
newKmsGrantConfiguration :: Text -> Text -> KmsGrantConfiguration

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>.
kmsGrantConfiguration_constraints :: Lens' KmsGrantConfiguration (Maybe KmsGrantConstraints)

-- | The principal that is given permission to retire the grant by using
--   <a>RetireGrant</a> operation.
kmsGrantConfiguration_retiringPrincipal :: Lens' KmsGrantConfiguration (Maybe Text)

-- | A list of operations that the grant permits.
kmsGrantConfiguration_operations :: Lens' KmsGrantConfiguration [KmsGrantOperation]

-- | The principal that is given permission to perform the operations that
--   the grant permits.
kmsGrantConfiguration_granteePrincipal :: Lens' KmsGrantConfiguration Text

-- | The Amazon Web Services account under which the grant was issued. The
--   account is used to propose KMS grants issued by accounts other than
--   the owner of the key.
kmsGrantConfiguration_issuingAccount :: Lens' KmsGrantConfiguration Text

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>. You can specify only one type of encryption
--   context. An empty map is treated as not specified. For more
--   information, see <a>GrantConstraints</a>.
--   
--   <i>See:</i> <a>newKmsGrantConstraints</a> smart constructor.
data KmsGrantConstraints
KmsGrantConstraints' :: Maybe (HashMap Text Text) -> Maybe (HashMap Text Text) -> KmsGrantConstraints

-- | A list of key-value pairs that must match the encryption context in
--   the <a>cryptographic operation</a> request. The grant allows the
--   operation only when the encryption context in the request is the same
--   as the encryption context specified in this constraint.
[$sel:encryptionContextEquals:KmsGrantConstraints'] :: KmsGrantConstraints -> Maybe (HashMap Text Text)

-- | A list of key-value pairs that must be included in the encryption
--   context of the <a>cryptographic operation</a> request. The grant
--   allows the cryptographic operation only when the encryption context in
--   the request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
[$sel:encryptionContextSubset:KmsGrantConstraints'] :: KmsGrantConstraints -> Maybe (HashMap Text Text)

-- | Create a value of <a>KmsGrantConstraints</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:encryptionContextEquals:KmsGrantConstraints'</a>,
--   <a>kmsGrantConstraints_encryptionContextEquals</a> - A list of
--   key-value pairs that must match the encryption context in the
--   <a>cryptographic operation</a> request. The grant allows the operation
--   only when the encryption context in the request is the same as the
--   encryption context specified in this constraint.
--   
--   <a>$sel:encryptionContextSubset:KmsGrantConstraints'</a>,
--   <a>kmsGrantConstraints_encryptionContextSubset</a> - A list of
--   key-value pairs that must be included in the encryption context of the
--   <a>cryptographic operation</a> request. The grant allows the
--   cryptographic operation only when the encryption context in the
--   request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
newKmsGrantConstraints :: KmsGrantConstraints

-- | A list of key-value pairs that must match the encryption context in
--   the <a>cryptographic operation</a> request. The grant allows the
--   operation only when the encryption context in the request is the same
--   as the encryption context specified in this constraint.
kmsGrantConstraints_encryptionContextEquals :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))

-- | A list of key-value pairs that must be included in the encryption
--   context of the <a>cryptographic operation</a> request. The grant
--   allows the cryptographic operation only when the encryption context in
--   the request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
kmsGrantConstraints_encryptionContextSubset :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))

-- | Proposed access control configuration for a KMS key. You can propose a
--   configuration for a new KMS key or an existing KMS key that you own by
--   specifying the key policy and KMS grant configuration. If the
--   configuration is for an existing key and you do not specify the key
--   policy, the access preview uses the existing policy for the key. If
--   the access preview is for a new resource and you do not specify the
--   key policy, then the access preview uses the default key policy. The
--   proposed key policy cannot be an empty string. For more information,
--   see <a>Default key policy</a>. For more information about key policy
--   limits, see <a>Resource quotas</a>.
--   
--   <i>See:</i> <a>newKmsKeyConfiguration</a> smart constructor.
data KmsKeyConfiguration
KmsKeyConfiguration' :: Maybe [KmsGrantConfiguration] -> Maybe (HashMap Text Text) -> KmsKeyConfiguration

-- | A list of proposed grant configurations for the KMS key. If the
--   proposed grant configuration is for an existing key, the access
--   preview uses the proposed list of grant configurations in place of the
--   existing grants. Otherwise, the access preview uses the existing
--   grants for the key.
[$sel:grants:KmsKeyConfiguration'] :: KmsKeyConfiguration -> Maybe [KmsGrantConfiguration]

-- | Resource policy configuration for the KMS key. The only valid value
--   for the name of the key policy is <tt>default</tt>. For more
--   information, see <a>Default key policy</a>.
[$sel:keyPolicies:KmsKeyConfiguration'] :: KmsKeyConfiguration -> Maybe (HashMap Text Text)

-- | Create a value of <a>KmsKeyConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:grants:KmsKeyConfiguration'</a>,
--   <a>kmsKeyConfiguration_grants</a> - A list of proposed grant
--   configurations for the KMS key. If the proposed grant configuration is
--   for an existing key, the access preview uses the proposed list of
--   grant configurations in place of the existing grants. Otherwise, the
--   access preview uses the existing grants for the key.
--   
--   <a>$sel:keyPolicies:KmsKeyConfiguration'</a>,
--   <a>kmsKeyConfiguration_keyPolicies</a> - Resource policy configuration
--   for the KMS key. The only valid value for the name of the key policy
--   is <tt>default</tt>. For more information, see <a>Default key
--   policy</a>.
newKmsKeyConfiguration :: KmsKeyConfiguration

-- | A list of proposed grant configurations for the KMS key. If the
--   proposed grant configuration is for an existing key, the access
--   preview uses the proposed list of grant configurations in place of the
--   existing grants. Otherwise, the access preview uses the existing
--   grants for the key.
kmsKeyConfiguration_grants :: Lens' KmsKeyConfiguration (Maybe [KmsGrantConfiguration])

-- | Resource policy configuration for the KMS key. The only valid value
--   for the name of the key policy is <tt>default</tt>. For more
--   information, see <a>Default key policy</a>.
kmsKeyConfiguration_keyPolicies :: Lens' KmsKeyConfiguration (Maybe (HashMap Text Text))

-- | A location in a policy that is represented as a path through the JSON
--   representation and a corresponding span.
--   
--   <i>See:</i> <a>newLocation</a> smart constructor.
data Location
Location' :: [PathElement] -> Span -> Location

-- | A path in a policy, represented as a sequence of path elements.
[$sel:path:Location'] :: Location -> [PathElement]

-- | A span in a policy.
[$sel:span:Location'] :: Location -> Span

-- | Create a value of <a>Location</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:path:Location'</a>, <a>location_path</a> - A path in a policy,
--   represented as a sequence of path elements.
--   
--   <a>$sel:span:Location'</a>, <a>location_span</a> - A span in a policy.
newLocation :: Span -> Location

-- | A path in a policy, represented as a sequence of path elements.
location_path :: Lens' Location [PathElement]

-- | A span in a policy.
location_span :: Lens' Location Span

-- | The proposed <tt>InternetConfiguration</tt> or
--   <tt>VpcConfiguration</tt> to apply to the Amazon S3 access point.
--   <tt>VpcConfiguration</tt> does not apply to multi-region access
--   points. You can make the access point accessible from the internet, or
--   you can specify that all requests made through that access point must
--   originate from a specific virtual private cloud (VPC). You can specify
--   only one type of network configuration. For more information, see
--   <a>Creating access points</a>.
--   
--   <i>See:</i> <a>newNetworkOriginConfiguration</a> smart constructor.
data NetworkOriginConfiguration
NetworkOriginConfiguration' :: Maybe InternetConfiguration -> Maybe VpcConfiguration -> NetworkOriginConfiguration

-- | The configuration for the Amazon S3 access point or multi-region
--   access point with an <tt>Internet</tt> origin.
[$sel:internetConfiguration:NetworkOriginConfiguration'] :: NetworkOriginConfiguration -> Maybe InternetConfiguration
[$sel:vpcConfiguration:NetworkOriginConfiguration'] :: NetworkOriginConfiguration -> Maybe VpcConfiguration

-- | Create a value of <a>NetworkOriginConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:internetConfiguration:NetworkOriginConfiguration'</a>,
--   <a>networkOriginConfiguration_internetConfiguration</a> - The
--   configuration for the Amazon S3 access point or multi-region access
--   point with an <tt>Internet</tt> origin.
--   
--   <a>$sel:vpcConfiguration:NetworkOriginConfiguration'</a>,
--   <a>networkOriginConfiguration_vpcConfiguration</a> - Undocumented
--   member.
newNetworkOriginConfiguration :: NetworkOriginConfiguration

-- | The configuration for the Amazon S3 access point or multi-region
--   access point with an <tt>Internet</tt> origin.
networkOriginConfiguration_internetConfiguration :: Lens' NetworkOriginConfiguration (Maybe InternetConfiguration)

-- | Undocumented member.
networkOriginConfiguration_vpcConfiguration :: Lens' NetworkOriginConfiguration (Maybe VpcConfiguration)

-- | A single element in a path through the JSON representation of a
--   policy.
--   
--   <i>See:</i> <a>newPathElement</a> smart constructor.
data PathElement
PathElement' :: Maybe Int -> Maybe Text -> Maybe Substring -> Maybe Text -> PathElement

-- | Refers to an index in a JSON array.
[$sel:index:PathElement'] :: PathElement -> Maybe Int

-- | Refers to a key in a JSON object.
[$sel:key:PathElement'] :: PathElement -> Maybe Text

-- | Refers to a substring of a literal string in a JSON object.
[$sel:substring:PathElement'] :: PathElement -> Maybe Substring

-- | Refers to the value associated with a given key in a JSON object.
[$sel:value:PathElement'] :: PathElement -> Maybe Text

-- | Create a value of <a>PathElement</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:index:PathElement'</a>, <a>pathElement_index</a> - Refers to
--   an index in a JSON array.
--   
--   <a>$sel:key:PathElement'</a>, <a>pathElement_key</a> - Refers to a key
--   in a JSON object.
--   
--   <a>$sel:substring:PathElement'</a>, <a>pathElement_substring</a> -
--   Refers to a substring of a literal string in a JSON object.
--   
--   <a>$sel:value:PathElement'</a>, <a>pathElement_value</a> - Refers to
--   the value associated with a given key in a JSON object.
newPathElement :: PathElement

-- | Refers to an index in a JSON array.
pathElement_index :: Lens' PathElement (Maybe Int)

-- | Refers to a key in a JSON object.
pathElement_key :: Lens' PathElement (Maybe Text)

-- | Refers to a substring of a literal string in a JSON object.
pathElement_substring :: Lens' PathElement (Maybe Substring)

-- | Refers to the value associated with a given key in a JSON object.
pathElement_value :: Lens' PathElement (Maybe Text)

-- | Contains details about the policy generation status and properties.
--   
--   <i>See:</i> <a>newPolicyGeneration</a> smart constructor.
data PolicyGeneration
PolicyGeneration' :: Maybe ISO8601 -> Text -> Text -> JobStatus -> ISO8601 -> PolicyGeneration

-- | A timestamp of when the policy generation was completed.
[$sel:completedOn:PolicyGeneration'] :: PolicyGeneration -> Maybe ISO8601

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
[$sel:jobId:PolicyGeneration'] :: PolicyGeneration -> Text

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
[$sel:principalArn:PolicyGeneration'] :: PolicyGeneration -> Text

-- | The status of the policy generation request.
[$sel:status:PolicyGeneration'] :: PolicyGeneration -> JobStatus

-- | A timestamp of when the policy generation started.
[$sel:startedOn:PolicyGeneration'] :: PolicyGeneration -> ISO8601

-- | Create a value of <a>PolicyGeneration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:completedOn:PolicyGeneration'</a>,
--   <a>policyGeneration_completedOn</a> - A timestamp of when the policy
--   generation was completed.
--   
--   <a>$sel:jobId:PolicyGeneration'</a>, <a>policyGeneration_jobId</a> -
--   The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
--   
--   <a>$sel:principalArn:PolicyGeneration'</a>,
--   <a>policyGeneration_principalArn</a> - The ARN of the IAM entity (user
--   or role) for which you are generating a policy.
--   
--   <a>$sel:status:PolicyGeneration'</a>, <a>policyGeneration_status</a> -
--   The status of the policy generation request.
--   
--   <a>$sel:startedOn:PolicyGeneration'</a>,
--   <a>policyGeneration_startedOn</a> - A timestamp of when the policy
--   generation started.
newPolicyGeneration :: Text -> Text -> JobStatus -> UTCTime -> PolicyGeneration

-- | A timestamp of when the policy generation was completed.
policyGeneration_completedOn :: Lens' PolicyGeneration (Maybe UTCTime)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
policyGeneration_jobId :: Lens' PolicyGeneration Text

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
policyGeneration_principalArn :: Lens' PolicyGeneration Text

-- | The status of the policy generation request.
policyGeneration_status :: Lens' PolicyGeneration JobStatus

-- | A timestamp of when the policy generation started.
policyGeneration_startedOn :: Lens' PolicyGeneration UTCTime

-- | Contains the ARN details about the IAM entity for which the policy is
--   generated.
--   
--   <i>See:</i> <a>newPolicyGenerationDetails</a> smart constructor.
data PolicyGenerationDetails
PolicyGenerationDetails' :: Text -> PolicyGenerationDetails

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
[$sel:principalArn:PolicyGenerationDetails'] :: PolicyGenerationDetails -> Text

-- | Create a value of <a>PolicyGenerationDetails</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:principalArn:PolicyGenerationDetails'</a>,
--   <a>policyGenerationDetails_principalArn</a> - The ARN of the IAM
--   entity (user or role) for which you are generating a policy.
newPolicyGenerationDetails :: Text -> PolicyGenerationDetails

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
policyGenerationDetails_principalArn :: Lens' PolicyGenerationDetails Text

-- | A position in a policy.
--   
--   <i>See:</i> <a>newPosition</a> smart constructor.
data Position
Position' :: Int -> Int -> Int -> Position

-- | The line of the position, starting from 1.
[$sel:line:Position'] :: Position -> Int

-- | The column of the position, starting from 0.
[$sel:column:Position'] :: Position -> Int

-- | The offset within the policy that corresponds to the position,
--   starting from 0.
[$sel:offset:Position'] :: Position -> Int

-- | Create a value of <a>Position</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:line:Position'</a>, <a>position_line</a> - The line of the
--   position, starting from 1.
--   
--   <a>$sel:column:Position'</a>, <a>position_column</a> - The column of
--   the position, starting from 0.
--   
--   <a>$sel:offset:Position'</a>, <a>position_offset</a> - The offset
--   within the policy that corresponds to the position, starting from 0.
newPosition :: Int -> Int -> Int -> Position

-- | The line of the position, starting from 1.
position_line :: Lens' Position Int

-- | The column of the position, starting from 0.
position_column :: Lens' Position Int

-- | The offset within the policy that corresponds to the position,
--   starting from 0.
position_offset :: Lens' Position Int

-- | The values for a manual Amazon RDS DB cluster snapshot attribute.
--   
--   <i>See:</i> <a>newRdsDbClusterSnapshotAttributeValue</a> smart
--   constructor.
data RdsDbClusterSnapshotAttributeValue
RdsDbClusterSnapshotAttributeValue' :: Maybe [Text] -> RdsDbClusterSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB cluster snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon RDS DB cluster snapshot is public and can
--   be copied or restored by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
[$sel:accountIds:RdsDbClusterSnapshotAttributeValue'] :: RdsDbClusterSnapshotAttributeValue -> Maybe [Text]

-- | Create a value of <a>RdsDbClusterSnapshotAttributeValue</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accountIds:RdsDbClusterSnapshotAttributeValue'</a>,
--   <a>rdsDbClusterSnapshotAttributeValue_accountIds</a> - The Amazon Web
--   Services account IDs that have access to the manual Amazon RDS DB
--   cluster snapshot. If the value <tt>all</tt> is specified, then the
--   Amazon RDS DB cluster snapshot is public and can be copied or restored
--   by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
newRdsDbClusterSnapshotAttributeValue :: RdsDbClusterSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB cluster snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon RDS DB cluster snapshot is public and can
--   be copied or restored by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
rdsDbClusterSnapshotAttributeValue_accountIds :: Lens' RdsDbClusterSnapshotAttributeValue (Maybe [Text])

-- | The proposed access control configuration for an Amazon RDS DB cluster
--   snapshot. You can propose a configuration for a new Amazon RDS DB
--   cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
--   specifying the <tt>RdsDbClusterSnapshotAttributeValue</tt> and
--   optional KMS encryption key. For more information, see
--   <a>ModifyDBClusterSnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newRdsDbClusterSnapshotConfiguration</a> smart
--   constructor.
data RdsDbClusterSnapshotConfiguration
RdsDbClusterSnapshotConfiguration' :: Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue) -> Maybe Text -> RdsDbClusterSnapshotConfiguration

-- | The names and values of manual DB cluster snapshot attributes. Manual
--   DB cluster snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB cluster snapshot. The only
--   valid value for <tt>AttributeName</tt> for the attribute map is
--   <tt>restore</tt>
[$sel:attributes:RdsDbClusterSnapshotConfiguration'] :: RdsDbClusterSnapshotConfiguration -> Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue)

-- | The KMS key identifier for an encrypted Amazon RDS DB cluster
--   snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or
--   alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
[$sel:kmsKeyId:RdsDbClusterSnapshotConfiguration'] :: RdsDbClusterSnapshotConfiguration -> Maybe Text

-- | Create a value of <a>RdsDbClusterSnapshotConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributes:RdsDbClusterSnapshotConfiguration'</a>,
--   <a>rdsDbClusterSnapshotConfiguration_attributes</a> - The names and
--   values of manual DB cluster snapshot attributes. Manual DB cluster
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB cluster snapshot. The only valid value
--   for <tt>AttributeName</tt> for the attribute map is <tt>restore</tt>
--   
--   <a>$sel:kmsKeyId:RdsDbClusterSnapshotConfiguration'</a>,
--   <a>rdsDbClusterSnapshotConfiguration_kmsKeyId</a> - The KMS key
--   identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS
--   key identifier is the key ARN, key ID, alias ARN, or alias name for
--   the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
newRdsDbClusterSnapshotConfiguration :: RdsDbClusterSnapshotConfiguration

-- | The names and values of manual DB cluster snapshot attributes. Manual
--   DB cluster snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB cluster snapshot. The only
--   valid value for <tt>AttributeName</tt> for the attribute map is
--   <tt>restore</tt>
rdsDbClusterSnapshotConfiguration_attributes :: Lens' RdsDbClusterSnapshotConfiguration (Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue))

-- | The KMS key identifier for an encrypted Amazon RDS DB cluster
--   snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or
--   alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
rdsDbClusterSnapshotConfiguration_kmsKeyId :: Lens' RdsDbClusterSnapshotConfiguration (Maybe Text)

-- | The name and values of a manual Amazon RDS DB snapshot attribute.
--   Manual DB snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB snapshot.
--   
--   <i>See:</i> <a>newRdsDbSnapshotAttributeValue</a> smart constructor.
data RdsDbSnapshotAttributeValue
RdsDbSnapshotAttributeValue' :: Maybe [Text] -> RdsDbSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB snapshot. If the value <tt>all</tt> is specified, then
--   the Amazon RDS DB snapshot is public and can be copied or restored by
--   all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
[$sel:accountIds:RdsDbSnapshotAttributeValue'] :: RdsDbSnapshotAttributeValue -> Maybe [Text]

-- | Create a value of <a>RdsDbSnapshotAttributeValue</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accountIds:RdsDbSnapshotAttributeValue'</a>,
--   <a>rdsDbSnapshotAttributeValue_accountIds</a> - The Amazon Web
--   Services account IDs that have access to the manual Amazon RDS DB
--   snapshot. If the value <tt>all</tt> is specified, then the Amazon RDS
--   DB snapshot is public and can be copied or restored by all Amazon Web
--   Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
newRdsDbSnapshotAttributeValue :: RdsDbSnapshotAttributeValue

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB snapshot. If the value <tt>all</tt> is specified, then
--   the Amazon RDS DB snapshot is public and can be copied or restored by
--   all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
rdsDbSnapshotAttributeValue_accountIds :: Lens' RdsDbSnapshotAttributeValue (Maybe [Text])

-- | The proposed access control configuration for an Amazon RDS DB
--   snapshot. You can propose a configuration for a new Amazon RDS DB
--   snapshot or an Amazon RDS DB snapshot that you own by specifying the
--   <tt>RdsDbSnapshotAttributeValue</tt> and optional KMS encryption key.
--   For more information, see <a>ModifyDBSnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newRdsDbSnapshotConfiguration</a> smart constructor.
data RdsDbSnapshotConfiguration
RdsDbSnapshotConfiguration' :: Maybe (HashMap Text RdsDbSnapshotAttributeValue) -> Maybe Text -> RdsDbSnapshotConfiguration

-- | The names and values of manual DB snapshot attributes. Manual DB
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB snapshot. The only valid value for
--   <tt>attributeName</tt> for the attribute map is restore.
[$sel:attributes:RdsDbSnapshotConfiguration'] :: RdsDbSnapshotConfiguration -> Maybe (HashMap Text RdsDbSnapshotAttributeValue)

-- | The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
--   KMS key identifier is the key ARN, key ID, alias ARN, or alias name
--   for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
[$sel:kmsKeyId:RdsDbSnapshotConfiguration'] :: RdsDbSnapshotConfiguration -> Maybe Text

-- | Create a value of <a>RdsDbSnapshotConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributes:RdsDbSnapshotConfiguration'</a>,
--   <a>rdsDbSnapshotConfiguration_attributes</a> - The names and values of
--   manual DB snapshot attributes. Manual DB snapshot attributes are used
--   to authorize other Amazon Web Services accounts to restore a manual DB
--   snapshot. The only valid value for <tt>attributeName</tt> for the
--   attribute map is restore.
--   
--   <a>$sel:kmsKeyId:RdsDbSnapshotConfiguration'</a>,
--   <a>rdsDbSnapshotConfiguration_kmsKeyId</a> - The KMS key identifier
--   for an encrypted Amazon RDS DB snapshot. The KMS key identifier is the
--   key ARN, key ID, alias ARN, or alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
newRdsDbSnapshotConfiguration :: RdsDbSnapshotConfiguration

-- | The names and values of manual DB snapshot attributes. Manual DB
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB snapshot. The only valid value for
--   <tt>attributeName</tt> for the attribute map is restore.
rdsDbSnapshotConfiguration_attributes :: Lens' RdsDbSnapshotConfiguration (Maybe (HashMap Text RdsDbSnapshotAttributeValue))

-- | The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
--   KMS key identifier is the key ARN, key ID, alias ARN, or alias name
--   for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
rdsDbSnapshotConfiguration_kmsKeyId :: Lens' RdsDbSnapshotConfiguration (Maybe Text)

-- | The configuration for an Amazon S3 access point or multi-region access
--   point for the bucket. You can propose up to 10 access points or
--   multi-region access points per bucket. If the proposed Amazon S3
--   access point configuration is for an existing bucket, the access
--   preview uses the proposed access point configuration in place of the
--   existing access points. To propose an access point without a policy,
--   you can provide an empty string as the access point policy. For more
--   information, see <a>Creating access points</a>. For more information
--   about access point policy limits, see <a>Access points restrictions
--   and limitations</a>.
--   
--   <i>See:</i> <a>newS3AccessPointConfiguration</a> smart constructor.
data S3AccessPointConfiguration
S3AccessPointConfiguration' :: Maybe Text -> Maybe NetworkOriginConfiguration -> Maybe S3PublicAccessBlockConfiguration -> S3AccessPointConfiguration

-- | The access point or multi-region access point policy.
[$sel:accessPointPolicy:S3AccessPointConfiguration'] :: S3AccessPointConfiguration -> Maybe Text

-- | The proposed <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply
--   to this Amazon S3 access point. <tt>VpcConfiguration</tt> does not
--   apply to multi-region access points. If the access preview is for a
--   new resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
[$sel:networkOrigin:S3AccessPointConfiguration'] :: S3AccessPointConfiguration -> Maybe NetworkOriginConfiguration

-- | The proposed <tt>S3PublicAccessBlock</tt> configuration to apply to
--   this Amazon S3 access point or multi-region access point.
[$sel:publicAccessBlock:S3AccessPointConfiguration'] :: S3AccessPointConfiguration -> Maybe S3PublicAccessBlockConfiguration

-- | Create a value of <a>S3AccessPointConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPointPolicy:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_accessPointPolicy</a> - The access point
--   or multi-region access point policy.
--   
--   <a>$sel:networkOrigin:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_networkOrigin</a> - The proposed
--   <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply to this
--   Amazon S3 access point. <tt>VpcConfiguration</tt> does not apply to
--   multi-region access points. If the access preview is for a new
--   resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
--   
--   <a>$sel:publicAccessBlock:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_publicAccessBlock</a> - The proposed
--   <tt>S3PublicAccessBlock</tt> configuration to apply to this Amazon S3
--   access point or multi-region access point.
newS3AccessPointConfiguration :: S3AccessPointConfiguration

-- | The access point or multi-region access point policy.
s3AccessPointConfiguration_accessPointPolicy :: Lens' S3AccessPointConfiguration (Maybe Text)

-- | The proposed <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply
--   to this Amazon S3 access point. <tt>VpcConfiguration</tt> does not
--   apply to multi-region access points. If the access preview is for a
--   new resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
s3AccessPointConfiguration_networkOrigin :: Lens' S3AccessPointConfiguration (Maybe NetworkOriginConfiguration)

-- | The proposed <tt>S3PublicAccessBlock</tt> configuration to apply to
--   this Amazon S3 access point or multi-region access point.
s3AccessPointConfiguration_publicAccessBlock :: Lens' S3AccessPointConfiguration (Maybe S3PublicAccessBlockConfiguration)

-- | A proposed access control list grant configuration for an Amazon S3
--   bucket. For more information, see <a>How to Specify an ACL</a>.
--   
--   <i>See:</i> <a>newS3BucketAclGrantConfiguration</a> smart constructor.
data S3BucketAclGrantConfiguration
S3BucketAclGrantConfiguration' :: AclPermission -> AclGrantee -> S3BucketAclGrantConfiguration

-- | The permissions being granted.
[$sel:permission:S3BucketAclGrantConfiguration'] :: S3BucketAclGrantConfiguration -> AclPermission

-- | The grantee to whom you’re assigning access rights.
[$sel:grantee:S3BucketAclGrantConfiguration'] :: S3BucketAclGrantConfiguration -> AclGrantee

-- | Create a value of <a>S3BucketAclGrantConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:permission:S3BucketAclGrantConfiguration'</a>,
--   <a>s3BucketAclGrantConfiguration_permission</a> - The permissions
--   being granted.
--   
--   <a>$sel:grantee:S3BucketAclGrantConfiguration'</a>,
--   <a>s3BucketAclGrantConfiguration_grantee</a> - The grantee to whom
--   you’re assigning access rights.
newS3BucketAclGrantConfiguration :: AclPermission -> AclGrantee -> S3BucketAclGrantConfiguration

-- | The permissions being granted.
s3BucketAclGrantConfiguration_permission :: Lens' S3BucketAclGrantConfiguration AclPermission

-- | The grantee to whom you’re assigning access rights.
s3BucketAclGrantConfiguration_grantee :: Lens' S3BucketAclGrantConfiguration AclGrantee

-- | Proposed access control configuration for an Amazon S3 bucket. You can
--   propose a configuration for a new Amazon S3 bucket or an existing
--   Amazon S3 bucket that you own by specifying the Amazon S3 bucket
--   policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
--   multi-region access points attached to the bucket. If the
--   configuration is for an existing Amazon S3 bucket and you do not
--   specify the Amazon S3 bucket policy, the access preview uses the
--   existing policy attached to the bucket. If the access preview is for a
--   new resource and you do not specify the Amazon S3 bucket policy, the
--   access preview assumes a bucket without a policy. To propose deletion
--   of an existing bucket policy, you can specify an empty string. For
--   more information about bucket policy limits, see <a>Bucket Policy
--   Examples</a>.
--   
--   <i>See:</i> <a>newS3BucketConfiguration</a> smart constructor.
data S3BucketConfiguration
S3BucketConfiguration' :: Maybe (HashMap Text S3AccessPointConfiguration) -> Maybe [S3BucketAclGrantConfiguration] -> Maybe Text -> Maybe S3PublicAccessBlockConfiguration -> S3BucketConfiguration

-- | The configuration of Amazon S3 access points or multi-region access
--   points for the bucket. You can propose up to 10 new access points per
--   bucket.
[$sel:accessPoints:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe (HashMap Text S3AccessPointConfiguration)

-- | The proposed list of ACL grants for the Amazon S3 bucket. You can
--   propose up to 100 ACL grants per bucket. If the proposed grant
--   configuration is for an existing bucket, the access preview uses the
--   proposed list of grant configurations in place of the existing grants.
--   Otherwise, the access preview uses the existing grants for the bucket.
[$sel:bucketAclGrants:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe [S3BucketAclGrantConfiguration]

-- | The proposed bucket policy for the Amazon S3 bucket.
[$sel:bucketPolicy:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe Text

-- | The proposed block public access configuration for the Amazon S3
--   bucket.
[$sel:bucketPublicAccessBlock:S3BucketConfiguration'] :: S3BucketConfiguration -> Maybe S3PublicAccessBlockConfiguration

-- | Create a value of <a>S3BucketConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPoints:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_accessPoints</a> - The configuration of
--   Amazon S3 access points or multi-region access points for the bucket.
--   You can propose up to 10 new access points per bucket.
--   
--   <a>$sel:bucketAclGrants:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketAclGrants</a> - The proposed list of
--   ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL
--   grants per bucket. If the proposed grant configuration is for an
--   existing bucket, the access preview uses the proposed list of grant
--   configurations in place of the existing grants. Otherwise, the access
--   preview uses the existing grants for the bucket.
--   
--   <a>$sel:bucketPolicy:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketPolicy</a> - The proposed bucket policy
--   for the Amazon S3 bucket.
--   
--   <a>$sel:bucketPublicAccessBlock:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketPublicAccessBlock</a> - The proposed
--   block public access configuration for the Amazon S3 bucket.
newS3BucketConfiguration :: S3BucketConfiguration

-- | The configuration of Amazon S3 access points or multi-region access
--   points for the bucket. You can propose up to 10 new access points per
--   bucket.
s3BucketConfiguration_accessPoints :: Lens' S3BucketConfiguration (Maybe (HashMap Text S3AccessPointConfiguration))

-- | The proposed list of ACL grants for the Amazon S3 bucket. You can
--   propose up to 100 ACL grants per bucket. If the proposed grant
--   configuration is for an existing bucket, the access preview uses the
--   proposed list of grant configurations in place of the existing grants.
--   Otherwise, the access preview uses the existing grants for the bucket.
s3BucketConfiguration_bucketAclGrants :: Lens' S3BucketConfiguration (Maybe [S3BucketAclGrantConfiguration])

-- | The proposed bucket policy for the Amazon S3 bucket.
s3BucketConfiguration_bucketPolicy :: Lens' S3BucketConfiguration (Maybe Text)

-- | The proposed block public access configuration for the Amazon S3
--   bucket.
s3BucketConfiguration_bucketPublicAccessBlock :: Lens' S3BucketConfiguration (Maybe S3PublicAccessBlockConfiguration)

-- | The <tt>PublicAccessBlock</tt> configuration to apply to this Amazon
--   S3 bucket. If the proposed configuration is for an existing Amazon S3
--   bucket and the configuration is not specified, the access preview uses
--   the existing setting. If the proposed configuration is for a new
--   bucket and the configuration is not specified, the access preview uses
--   <tt>false</tt>. If the proposed configuration is for a new access
--   point or multi-region access point and the access point BPA
--   configuration is not specified, the access preview uses <tt>true</tt>.
--   For more information, see <a>PublicAccessBlockConfiguration</a>.
--   
--   <i>See:</i> <a>newS3PublicAccessBlockConfiguration</a> smart
--   constructor.
data S3PublicAccessBlockConfiguration
S3PublicAccessBlockConfiguration' :: Bool -> Bool -> S3PublicAccessBlockConfiguration

-- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
--   and objects in this bucket.
[$sel:ignorePublicAcls:S3PublicAccessBlockConfiguration'] :: S3PublicAccessBlockConfiguration -> Bool

-- | Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
[$sel:restrictPublicBuckets:S3PublicAccessBlockConfiguration'] :: S3PublicAccessBlockConfiguration -> Bool

-- | Create a value of <a>S3PublicAccessBlockConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ignorePublicAcls:S3PublicAccessBlockConfiguration'</a>,
--   <a>s3PublicAccessBlockConfiguration_ignorePublicAcls</a> - Specifies
--   whether Amazon S3 should ignore public ACLs for this bucket and
--   objects in this bucket.
--   
--   <a>$sel:restrictPublicBuckets:S3PublicAccessBlockConfiguration'</a>,
--   <a>s3PublicAccessBlockConfiguration_restrictPublicBuckets</a> -
--   Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
newS3PublicAccessBlockConfiguration :: Bool -> Bool -> S3PublicAccessBlockConfiguration

-- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
--   and objects in this bucket.
s3PublicAccessBlockConfiguration_ignorePublicAcls :: Lens' S3PublicAccessBlockConfiguration Bool

-- | Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
s3PublicAccessBlockConfiguration_restrictPublicBuckets :: Lens' S3PublicAccessBlockConfiguration Bool

-- | The configuration for a Secrets Manager secret. For more information,
--   see <a>CreateSecret</a>.
--   
--   You can propose a configuration for a new secret or an existing secret
--   that you own by specifying the secret policy and optional KMS
--   encryption key. If the configuration is for an existing secret and you
--   do not specify the secret policy, the access preview uses the existing
--   policy for the secret. If the access preview is for a new resource and
--   you do not specify the policy, the access preview assumes a secret
--   without a policy. To propose deletion of an existing policy, you can
--   specify an empty string. If the proposed configuration is for a new
--   secret and you do not specify the KMS key ID, the access preview uses
--   the Amazon Web Services managed key <tt>aws/secretsmanager</tt>. If
--   you specify an empty string for the KMS key ID, the access preview
--   uses the Amazon Web Services managed key of the Amazon Web Services
--   account. For more information about secret policy limits, see
--   <a>Quotas for Secrets Manager.</a>.
--   
--   <i>See:</i> <a>newSecretsManagerSecretConfiguration</a> smart
--   constructor.
data SecretsManagerSecretConfiguration
SecretsManagerSecretConfiguration' :: Maybe Text -> Maybe Text -> SecretsManagerSecretConfiguration

-- | The proposed ARN, key ID, or alias of the KMS key.
[$sel:kmsKeyId:SecretsManagerSecretConfiguration'] :: SecretsManagerSecretConfiguration -> Maybe Text

-- | The proposed resource policy defining who can access or manage the
--   secret.
[$sel:secretPolicy:SecretsManagerSecretConfiguration'] :: SecretsManagerSecretConfiguration -> Maybe Text

-- | Create a value of <a>SecretsManagerSecretConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:kmsKeyId:SecretsManagerSecretConfiguration'</a>,
--   <a>secretsManagerSecretConfiguration_kmsKeyId</a> - The proposed ARN,
--   key ID, or alias of the KMS key.
--   
--   <a>$sel:secretPolicy:SecretsManagerSecretConfiguration'</a>,
--   <a>secretsManagerSecretConfiguration_secretPolicy</a> - The proposed
--   resource policy defining who can access or manage the secret.
newSecretsManagerSecretConfiguration :: SecretsManagerSecretConfiguration

-- | The proposed ARN, key ID, or alias of the KMS key.
secretsManagerSecretConfiguration_kmsKeyId :: Lens' SecretsManagerSecretConfiguration (Maybe Text)

-- | The proposed resource policy defining who can access or manage the
--   secret.
secretsManagerSecretConfiguration_secretPolicy :: Lens' SecretsManagerSecretConfiguration (Maybe Text)

-- | The proposed access control configuration for an Amazon SNS topic. You
--   can propose a configuration for a new Amazon SNS topic or an existing
--   Amazon SNS topic that you own by specifying the policy. If the
--   configuration is for an existing Amazon SNS topic and you do not
--   specify the Amazon SNS policy, then the access preview uses the
--   existing Amazon SNS policy for the topic. If the access preview is for
--   a new resource and you do not specify the policy, then the access
--   preview assumes an Amazon SNS topic without a policy. To propose
--   deletion of an existing Amazon SNS topic policy, you can specify an
--   empty string for the Amazon SNS policy. For more information, see
--   <a>Topic</a>.
--   
--   <i>See:</i> <a>newSnsTopicConfiguration</a> smart constructor.
data SnsTopicConfiguration
SnsTopicConfiguration' :: Maybe Text -> SnsTopicConfiguration

-- | The JSON policy text that defines who can access an Amazon SNS topic.
--   For more information, see <a>Example cases for Amazon SNS access
--   control</a> in the <i>Amazon SNS Developer Guide</i>.
[$sel:topicPolicy:SnsTopicConfiguration'] :: SnsTopicConfiguration -> Maybe Text

-- | Create a value of <a>SnsTopicConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:topicPolicy:SnsTopicConfiguration'</a>,
--   <a>snsTopicConfiguration_topicPolicy</a> - The JSON policy text that
--   defines who can access an Amazon SNS topic. For more information, see
--   <a>Example cases for Amazon SNS access control</a> in the <i>Amazon
--   SNS Developer Guide</i>.
newSnsTopicConfiguration :: SnsTopicConfiguration

-- | The JSON policy text that defines who can access an Amazon SNS topic.
--   For more information, see <a>Example cases for Amazon SNS access
--   control</a> in the <i>Amazon SNS Developer Guide</i>.
snsTopicConfiguration_topicPolicy :: Lens' SnsTopicConfiguration (Maybe Text)

-- | The criteria used to sort.
--   
--   <i>See:</i> <a>newSortCriteria</a> smart constructor.
data SortCriteria
SortCriteria' :: Maybe Text -> Maybe OrderBy -> SortCriteria

-- | The name of the attribute to sort on.
[$sel:attributeName:SortCriteria'] :: SortCriteria -> Maybe Text

-- | The sort order, ascending or descending.
[$sel:orderBy:SortCriteria'] :: SortCriteria -> Maybe OrderBy

-- | Create a value of <a>SortCriteria</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributeName:SortCriteria'</a>,
--   <a>sortCriteria_attributeName</a> - The name of the attribute to sort
--   on.
--   
--   <a>$sel:orderBy:SortCriteria'</a>, <a>sortCriteria_orderBy</a> - The
--   sort order, ascending or descending.
newSortCriteria :: SortCriteria

-- | The name of the attribute to sort on.
sortCriteria_attributeName :: Lens' SortCriteria (Maybe Text)

-- | The sort order, ascending or descending.
sortCriteria_orderBy :: Lens' SortCriteria (Maybe OrderBy)

-- | A span in a policy. The span consists of a start position (inclusive)
--   and end position (exclusive).
--   
--   <i>See:</i> <a>newSpan</a> smart constructor.
data Span
Span' :: Position -> Position -> Span

-- | The start position of the span (inclusive).
[$sel:start:Span'] :: Span -> Position

-- | The end position of the span (exclusive).
[$sel:end:Span'] :: Span -> Position

-- | Create a value of <a>Span</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:start:Span'</a>, <a>span_start</a> - The start position of the
--   span (inclusive).
--   
--   <a>$sel:end:Span'</a>, <a>span_end</a> - The end position of the span
--   (exclusive).
newSpan :: Position -> Position -> Span

-- | The start position of the span (inclusive).
span_start :: Lens' Span Position

-- | The end position of the span (exclusive).
span_end :: Lens' Span Position

-- | The proposed access control configuration for an Amazon SQS queue. You
--   can propose a configuration for a new Amazon SQS queue or an existing
--   Amazon SQS queue that you own by specifying the Amazon SQS policy. If
--   the configuration is for an existing Amazon SQS queue and you do not
--   specify the Amazon SQS policy, the access preview uses the existing
--   Amazon SQS policy for the queue. If the access preview is for a new
--   resource and you do not specify the policy, the access preview assumes
--   an Amazon SQS queue without a policy. To propose deletion of an
--   existing Amazon SQS queue policy, you can specify an empty string for
--   the Amazon SQS policy. For more information about Amazon SQS policy
--   limits, see <a>Quotas related to policies</a>.
--   
--   <i>See:</i> <a>newSqsQueueConfiguration</a> smart constructor.
data SqsQueueConfiguration
SqsQueueConfiguration' :: Maybe Text -> SqsQueueConfiguration

-- | The proposed resource policy for the Amazon SQS queue.
[$sel:queuePolicy:SqsQueueConfiguration'] :: SqsQueueConfiguration -> Maybe Text

-- | Create a value of <a>SqsQueueConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:queuePolicy:SqsQueueConfiguration'</a>,
--   <a>sqsQueueConfiguration_queuePolicy</a> - The proposed resource
--   policy for the Amazon SQS queue.
newSqsQueueConfiguration :: SqsQueueConfiguration

-- | The proposed resource policy for the Amazon SQS queue.
sqsQueueConfiguration_queuePolicy :: Lens' SqsQueueConfiguration (Maybe Text)

-- | Provides more details about the current status of the analyzer. For
--   example, if the creation for the analyzer fails, a <tt>Failed</tt>
--   status is returned. For an analyzer with organization as the type,
--   this failure can be due to an issue with creating the service-linked
--   roles required in the member accounts of the Amazon Web Services
--   organization.
--   
--   <i>See:</i> <a>newStatusReason</a> smart constructor.
data StatusReason
StatusReason' :: ReasonCode -> StatusReason

-- | The reason code for the current status of the analyzer.
[$sel:code:StatusReason'] :: StatusReason -> ReasonCode

-- | Create a value of <a>StatusReason</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:StatusReason'</a>, <a>statusReason_code</a> - The reason
--   code for the current status of the analyzer.
newStatusReason :: ReasonCode -> StatusReason

-- | The reason code for the current status of the analyzer.
statusReason_code :: Lens' StatusReason ReasonCode

-- | A reference to a substring of a literal string in a JSON document.
--   
--   <i>See:</i> <a>newSubstring</a> smart constructor.
data Substring
Substring' :: Int -> Int -> Substring

-- | The start index of the substring, starting from 0.
[$sel:start:Substring'] :: Substring -> Int

-- | The length of the substring.
[$sel:length:Substring'] :: Substring -> Int

-- | Create a value of <a>Substring</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:start:Substring'</a>, <a>substring_start</a> - The start index
--   of the substring, starting from 0.
--   
--   <a>$sel:length:Substring'</a>, <a>substring_length</a> - The length of
--   the substring.
newSubstring :: Int -> Int -> Substring

-- | The start index of the substring, starting from 0.
substring_start :: Lens' Substring Int

-- | The length of the substring.
substring_length :: Lens' Substring Int

-- | Contains details about the CloudTrail trail being analyzed to generate
--   a policy.
--   
--   <i>See:</i> <a>newTrail</a> smart constructor.
data Trail
Trail' :: Maybe Bool -> Maybe [Text] -> Text -> Trail

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
[$sel:allRegions:Trail'] :: Trail -> Maybe Bool

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
[$sel:regions:Trail'] :: Trail -> Maybe [Text]

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
[$sel:cloudTrailArn:Trail'] :: Trail -> Text

-- | Create a value of <a>Trail</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:allRegions:Trail'</a>, <a>trail_allRegions</a> - Possible
--   values are <tt>true</tt> or <tt>false</tt>. If set to <tt>true</tt>,
--   IAM Access Analyzer retrieves CloudTrail data from all regions to
--   analyze and generate a policy.
--   
--   <a>$sel:regions:Trail'</a>, <a>trail_regions</a> - A list of regions
--   to get CloudTrail data from and analyze to generate a policy.
--   
--   <a>$sel:cloudTrailArn:Trail'</a>, <a>trail_cloudTrailArn</a> -
--   Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
newTrail :: Text -> Trail

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
trail_allRegions :: Lens' Trail (Maybe Bool)

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
trail_regions :: Lens' Trail (Maybe [Text])

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
trail_cloudTrailArn :: Lens' Trail Text

-- | Contains details about the CloudTrail trail being analyzed to generate
--   a policy.
--   
--   <i>See:</i> <a>newTrailProperties</a> smart constructor.
data TrailProperties
TrailProperties' :: Maybe Bool -> Maybe [Text] -> Text -> TrailProperties

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
[$sel:allRegions:TrailProperties'] :: TrailProperties -> Maybe Bool

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
[$sel:regions:TrailProperties'] :: TrailProperties -> Maybe [Text]

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
[$sel:cloudTrailArn:TrailProperties'] :: TrailProperties -> Text

-- | Create a value of <a>TrailProperties</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:allRegions:TrailProperties'</a>,
--   <a>trailProperties_allRegions</a> - Possible values are <tt>true</tt>
--   or <tt>false</tt>. If set to <tt>true</tt>, IAM Access Analyzer
--   retrieves CloudTrail data from all regions to analyze and generate a
--   policy.
--   
--   <a>$sel:regions:TrailProperties'</a>, <a>trailProperties_regions</a> -
--   A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
--   
--   <a>$sel:cloudTrailArn:TrailProperties'</a>,
--   <a>trailProperties_cloudTrailArn</a> - Specifies the ARN of the trail.
--   The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
newTrailProperties :: Text -> TrailProperties

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
trailProperties_allRegions :: Lens' TrailProperties (Maybe Bool)

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
trailProperties_regions :: Lens' TrailProperties (Maybe [Text])

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
trailProperties_cloudTrailArn :: Lens' TrailProperties Text

-- | A finding in a policy. Each finding is an actionable recommendation
--   that can be used to improve the policy.
--   
--   <i>See:</i> <a>newValidatePolicyFinding</a> smart constructor.
data ValidatePolicyFinding
ValidatePolicyFinding' :: Text -> ValidatePolicyFindingType -> Text -> Text -> [Location] -> ValidatePolicyFinding

-- | A localized message that explains the finding and provides guidance on
--   how to address it.
[$sel:findingDetails:ValidatePolicyFinding'] :: ValidatePolicyFinding -> Text

-- | The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
[$sel:findingType:ValidatePolicyFinding'] :: ValidatePolicyFinding -> ValidatePolicyFindingType

-- | The issue code provides an identifier of the issue associated with
--   this finding.
[$sel:issueCode:ValidatePolicyFinding'] :: ValidatePolicyFinding -> Text

-- | A link to additional documentation about the type of finding.
[$sel:learnMoreLink:ValidatePolicyFinding'] :: ValidatePolicyFinding -> Text

-- | The list of locations in the policy document that are related to the
--   finding. The issue code provides a summary of an issue identified by
--   the finding.
[$sel:locations:ValidatePolicyFinding'] :: ValidatePolicyFinding -> [Location]

-- | Create a value of <a>ValidatePolicyFinding</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:findingDetails:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_findingDetails</a> - A localized message that
--   explains the finding and provides guidance on how to address it.
--   
--   <a>$sel:findingType:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_findingType</a> - The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
--   
--   <a>$sel:issueCode:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_issueCode</a> - The issue code provides an
--   identifier of the issue associated with this finding.
--   
--   <a>$sel:learnMoreLink:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_learnMoreLink</a> - A link to additional
--   documentation about the type of finding.
--   
--   <a>$sel:locations:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_locations</a> - The list of locations in the
--   policy document that are related to the finding. The issue code
--   provides a summary of an issue identified by the finding.
newValidatePolicyFinding :: Text -> ValidatePolicyFindingType -> Text -> Text -> ValidatePolicyFinding

-- | A localized message that explains the finding and provides guidance on
--   how to address it.
validatePolicyFinding_findingDetails :: Lens' ValidatePolicyFinding Text

-- | The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
validatePolicyFinding_findingType :: Lens' ValidatePolicyFinding ValidatePolicyFindingType

-- | The issue code provides an identifier of the issue associated with
--   this finding.
validatePolicyFinding_issueCode :: Lens' ValidatePolicyFinding Text

-- | A link to additional documentation about the type of finding.
validatePolicyFinding_learnMoreLink :: Lens' ValidatePolicyFinding Text

-- | The list of locations in the policy document that are related to the
--   finding. The issue code provides a summary of an issue identified by
--   the finding.
validatePolicyFinding_locations :: Lens' ValidatePolicyFinding [Location]

-- | The proposed virtual private cloud (VPC) configuration for the Amazon
--   S3 access point. VPC configuration does not apply to multi-region
--   access points. For more information, see <a>VpcConfiguration</a>.
--   
--   <i>See:</i> <a>newVpcConfiguration</a> smart constructor.
data VpcConfiguration
VpcConfiguration' :: Text -> VpcConfiguration

-- | If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
[$sel:vpcId:VpcConfiguration'] :: VpcConfiguration -> Text

-- | Create a value of <a>VpcConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:vpcId:VpcConfiguration'</a>, <a>vpcConfiguration_vpcId</a> -
--   If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
newVpcConfiguration :: Text -> VpcConfiguration

-- | If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
vpcConfiguration_vpcId :: Lens' VpcConfiguration Text


-- | Adds a tag to the specified resource.
module Amazonka.AccessAnalyzer.TagResource

-- | Adds a tag to the specified resource.
--   
--   <i>See:</i> <a>newTagResource</a> smart constructor.
data TagResource
TagResource' :: Text -> HashMap Text Text -> TagResource

-- | The ARN of the resource to add the tag to.
[$sel:resourceArn:TagResource'] :: TagResource -> Text

-- | The tags to add to the resource.
[$sel:tags:TagResource'] :: TagResource -> HashMap Text Text

-- | Create a value of <a>TagResource</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>TagResource</a>, <a>tagResource_resourceArn</a> - The ARN of the
--   resource to add the tag to.
--   
--   <a>TagResource</a>, <a>tagResource_tags</a> - The tags to add to the
--   resource.
newTagResource :: Text -> TagResource

-- | The ARN of the resource to add the tag to.
tagResource_resourceArn :: Lens' TagResource Text

-- | The tags to add to the resource.
tagResource_tags :: Lens' TagResource (HashMap Text Text)

-- | The response to the request.
--   
--   <i>See:</i> <a>newTagResourceResponse</a> smart constructor.
data TagResourceResponse
TagResourceResponse' :: Int -> TagResourceResponse

-- | The response's http status code.
[$sel:httpStatus:TagResourceResponse'] :: TagResourceResponse -> Int

-- | Create a value of <a>TagResourceResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:TagResourceResponse'</a>,
--   <a>tagResourceResponse_httpStatus</a> - The response's http status
--   code.
newTagResourceResponse :: Int -> TagResourceResponse

-- | The response's http status code.
tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.TagResource.TagResource
instance GHC.Show.Show Amazonka.AccessAnalyzer.TagResource.TagResource
instance GHC.Read.Read Amazonka.AccessAnalyzer.TagResource.TagResource
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.TagResource.TagResource
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.TagResource.TagResourceResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.TagResource.TagResourceResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.TagResource.TagResourceResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.TagResource.TagResourceResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.TagResource.TagResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.TagResource.TagResourceResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.TagResource.TagResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.TagResource.TagResource
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.TagResource.TagResource
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.TagResource.TagResource
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.TagResource.TagResource
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.TagResource.TagResource


-- | Immediately starts a scan of the policies applied to the specified
--   resource.
module Amazonka.AccessAnalyzer.StartResourceScan

-- | Starts a scan of the policies applied to the specified resource.
--   
--   <i>See:</i> <a>newStartResourceScan</a> smart constructor.
data StartResourceScan
StartResourceScan' :: Maybe Text -> Text -> Text -> StartResourceScan

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
[$sel:resourceOwnerAccount:StartResourceScan'] :: StartResourceScan -> Maybe Text

-- | The <a>ARN of the analyzer</a> to use to scan the policies applied to
--   the specified resource.
[$sel:analyzerArn:StartResourceScan'] :: StartResourceScan -> Text

-- | The ARN of the resource to scan.
[$sel:resourceArn:StartResourceScan'] :: StartResourceScan -> Text

-- | Create a value of <a>StartResourceScan</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>StartResourceScan</a>,
--   <a>startResourceScan_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource. For most Amazon Web
--   Services resources, the owning account is the account in which the
--   resource was created.
--   
--   <a>StartResourceScan</a>, <a>startResourceScan_analyzerArn</a> - The
--   <a>ARN of the analyzer</a> to use to scan the policies applied to the
--   specified resource.
--   
--   <a>StartResourceScan</a>, <a>startResourceScan_resourceArn</a> - The
--   ARN of the resource to scan.
newStartResourceScan :: Text -> Text -> StartResourceScan

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
startResourceScan_resourceOwnerAccount :: Lens' StartResourceScan (Maybe Text)

-- | The <a>ARN of the analyzer</a> to use to scan the policies applied to
--   the specified resource.
startResourceScan_analyzerArn :: Lens' StartResourceScan Text

-- | The ARN of the resource to scan.
startResourceScan_resourceArn :: Lens' StartResourceScan Text

-- | <i>See:</i> <a>newStartResourceScanResponse</a> smart constructor.
data StartResourceScanResponse
StartResourceScanResponse' :: StartResourceScanResponse

-- | Create a value of <a>StartResourceScanResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newStartResourceScanResponse :: StartResourceScanResponse
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance GHC.Show.Show Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance GHC.Read.Read Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScanResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScanResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScanResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScanResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScanResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.StartResourceScan.StartResourceScan


-- | Starts the policy generation request.
module Amazonka.AccessAnalyzer.StartPolicyGeneration

-- | <i>See:</i> <a>newStartPolicyGeneration</a> smart constructor.
data StartPolicyGeneration
StartPolicyGeneration' :: Maybe Text -> Maybe CloudTrailDetails -> PolicyGenerationDetails -> StartPolicyGeneration

-- | A unique, case-sensitive identifier that you provide to ensure the
--   idempotency of the request. Idempotency ensures that an API request
--   completes only once. With an idempotent request, if the original
--   request completes successfully, the subsequent retries with the same
--   client token return the result from the original successful request
--   and they have no additional effect.
--   
--   If you do not specify a client token, one is automatically generated
--   by the Amazon Web Services SDK.
[$sel:clientToken:StartPolicyGeneration'] :: StartPolicyGeneration -> Maybe Text

-- | A <tt>CloudTrailDetails</tt> object that contains details about a
--   <tt>Trail</tt> that you want to analyze to generate policies.
[$sel:cloudTrailDetails:StartPolicyGeneration'] :: StartPolicyGeneration -> Maybe CloudTrailDetails

-- | Contains the ARN of the IAM entity (user or role) for which you are
--   generating a policy.
[$sel:policyGenerationDetails:StartPolicyGeneration'] :: StartPolicyGeneration -> PolicyGenerationDetails

-- | Create a value of <a>StartPolicyGeneration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:StartPolicyGeneration'</a>,
--   <a>startPolicyGeneration_clientToken</a> - A unique, case-sensitive
--   identifier that you provide to ensure the idempotency of the request.
--   Idempotency ensures that an API request completes only once. With an
--   idempotent request, if the original request completes successfully,
--   the subsequent retries with the same client token return the result
--   from the original successful request and they have no additional
--   effect.
--   
--   If you do not specify a client token, one is automatically generated
--   by the Amazon Web Services SDK.
--   
--   <a>$sel:cloudTrailDetails:StartPolicyGeneration'</a>,
--   <a>startPolicyGeneration_cloudTrailDetails</a> - A
--   <tt>CloudTrailDetails</tt> object that contains details about a
--   <tt>Trail</tt> that you want to analyze to generate policies.
--   
--   <a>$sel:policyGenerationDetails:StartPolicyGeneration'</a>,
--   <a>startPolicyGeneration_policyGenerationDetails</a> - Contains the
--   ARN of the IAM entity (user or role) for which you are generating a
--   policy.
newStartPolicyGeneration :: PolicyGenerationDetails -> StartPolicyGeneration

-- | A unique, case-sensitive identifier that you provide to ensure the
--   idempotency of the request. Idempotency ensures that an API request
--   completes only once. With an idempotent request, if the original
--   request completes successfully, the subsequent retries with the same
--   client token return the result from the original successful request
--   and they have no additional effect.
--   
--   If you do not specify a client token, one is automatically generated
--   by the Amazon Web Services SDK.
startPolicyGeneration_clientToken :: Lens' StartPolicyGeneration (Maybe Text)

-- | A <tt>CloudTrailDetails</tt> object that contains details about a
--   <tt>Trail</tt> that you want to analyze to generate policies.
startPolicyGeneration_cloudTrailDetails :: Lens' StartPolicyGeneration (Maybe CloudTrailDetails)

-- | Contains the ARN of the IAM entity (user or role) for which you are
--   generating a policy.
startPolicyGeneration_policyGenerationDetails :: Lens' StartPolicyGeneration PolicyGenerationDetails

-- | <i>See:</i> <a>newStartPolicyGenerationResponse</a> smart constructor.
data StartPolicyGenerationResponse
StartPolicyGenerationResponse' :: Int -> Text -> StartPolicyGenerationResponse

-- | The response's http status code.
[$sel:httpStatus:StartPolicyGenerationResponse'] :: StartPolicyGenerationResponse -> Int

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
[$sel:jobId:StartPolicyGenerationResponse'] :: StartPolicyGenerationResponse -> Text

-- | Create a value of <a>StartPolicyGenerationResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:StartPolicyGenerationResponse'</a>,
--   <a>startPolicyGenerationResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>StartPolicyGenerationResponse</a>,
--   <a>startPolicyGenerationResponse_jobId</a> - The <tt>JobId</tt> that
--   is returned by the <tt>StartPolicyGeneration</tt> operation. The
--   <tt>JobId</tt> can be used with <tt>GetGeneratedPolicy</tt> to
--   retrieve the generated policies or used with
--   <tt>CancelPolicyGeneration</tt> to cancel the policy generation
--   request.
newStartPolicyGenerationResponse :: Int -> Text -> StartPolicyGenerationResponse

-- | The response's http status code.
startPolicyGenerationResponse_httpStatus :: Lens' StartPolicyGenerationResponse Int

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
startPolicyGenerationResponse_jobId :: Lens' StartPolicyGenerationResponse Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance GHC.Show.Show Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance GHC.Read.Read Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGenerationResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGenerationResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGenerationResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGenerationResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGenerationResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.StartPolicyGeneration.StartPolicyGeneration


-- | Retrieves a list of tags applied to the specified resource.
module Amazonka.AccessAnalyzer.ListTagsForResource

-- | Retrieves a list of tags applied to the specified resource.
--   
--   <i>See:</i> <a>newListTagsForResource</a> smart constructor.
data ListTagsForResource
ListTagsForResource' :: Text -> ListTagsForResource

-- | The ARN of the resource to retrieve tags from.
[$sel:resourceArn:ListTagsForResource'] :: ListTagsForResource -> Text

-- | Create a value of <a>ListTagsForResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListTagsForResource</a>, <a>listTagsForResource_resourceArn</a> -
--   The ARN of the resource to retrieve tags from.
newListTagsForResource :: Text -> ListTagsForResource

-- | The ARN of the resource to retrieve tags from.
listTagsForResource_resourceArn :: Lens' ListTagsForResource Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newListTagsForResourceResponse</a> smart constructor.
data ListTagsForResourceResponse
ListTagsForResourceResponse' :: Maybe (HashMap Text Text) -> Int -> ListTagsForResourceResponse

-- | The tags that are applied to the specified resource.
[$sel:tags:ListTagsForResourceResponse'] :: ListTagsForResourceResponse -> Maybe (HashMap Text Text)

-- | The response's http status code.
[$sel:httpStatus:ListTagsForResourceResponse'] :: ListTagsForResourceResponse -> Int

-- | Create a value of <a>ListTagsForResourceResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListTagsForResourceResponse</a>,
--   <a>listTagsForResourceResponse_tags</a> - The tags that are applied to
--   the specified resource.
--   
--   <a>$sel:httpStatus:ListTagsForResourceResponse'</a>,
--   <a>listTagsForResourceResponse_httpStatus</a> - The response's http
--   status code.
newListTagsForResourceResponse :: Int -> ListTagsForResourceResponse

-- | The tags that are applied to the specified resource.
listTagsForResourceResponse_tags :: Lens' ListTagsForResourceResponse (Maybe (HashMap Text Text))

-- | The response's http status code.
listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResourceResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResourceResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResourceResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResourceResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResourceResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListTagsForResource.ListTagsForResource


-- | Lists all of the policy generations requested in the last seven days.
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ListPolicyGenerations

-- | <i>See:</i> <a>newListPolicyGenerations</a> smart constructor.
data ListPolicyGenerations
ListPolicyGenerations' :: Maybe Natural -> Maybe Text -> Maybe Text -> ListPolicyGenerations

-- | The maximum number of results to return in the response.
[$sel:maxResults:ListPolicyGenerations'] :: ListPolicyGenerations -> Maybe Natural

-- | A token used for pagination of results returned.
[$sel:nextToken:ListPolicyGenerations'] :: ListPolicyGenerations -> Maybe Text

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy. Use this with <tt>ListGeneratedPolicies</tt> to filter the
--   results to only include results for a specific principal.
[$sel:principalArn:ListPolicyGenerations'] :: ListPolicyGenerations -> Maybe Text

-- | Create a value of <a>ListPolicyGenerations</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListPolicyGenerations'</a>,
--   <a>listPolicyGenerations_maxResults</a> - The maximum number of
--   results to return in the response.
--   
--   <a>ListPolicyGenerations</a>, <a>listPolicyGenerations_nextToken</a> -
--   A token used for pagination of results returned.
--   
--   <a>ListPolicyGenerations</a>,
--   <a>listPolicyGenerations_principalArn</a> - The ARN of the IAM entity
--   (user or role) for which you are generating a policy. Use this with
--   <tt>ListGeneratedPolicies</tt> to filter the results to only include
--   results for a specific principal.
newListPolicyGenerations :: ListPolicyGenerations

-- | The maximum number of results to return in the response.
listPolicyGenerations_maxResults :: Lens' ListPolicyGenerations (Maybe Natural)

-- | A token used for pagination of results returned.
listPolicyGenerations_nextToken :: Lens' ListPolicyGenerations (Maybe Text)

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy. Use this with <tt>ListGeneratedPolicies</tt> to filter the
--   results to only include results for a specific principal.
listPolicyGenerations_principalArn :: Lens' ListPolicyGenerations (Maybe Text)

-- | <i>See:</i> <a>newListPolicyGenerationsResponse</a> smart constructor.
data ListPolicyGenerationsResponse
ListPolicyGenerationsResponse' :: Maybe Text -> Int -> [PolicyGeneration] -> ListPolicyGenerationsResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ListPolicyGenerationsResponse'] :: ListPolicyGenerationsResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ListPolicyGenerationsResponse'] :: ListPolicyGenerationsResponse -> Int

-- | A <tt>PolicyGeneration</tt> object that contains details about the
--   generated policy.
[$sel:policyGenerations:ListPolicyGenerationsResponse'] :: ListPolicyGenerationsResponse -> [PolicyGeneration]

-- | Create a value of <a>ListPolicyGenerationsResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListPolicyGenerations</a>,
--   <a>listPolicyGenerationsResponse_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:httpStatus:ListPolicyGenerationsResponse'</a>,
--   <a>listPolicyGenerationsResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:policyGenerations:ListPolicyGenerationsResponse'</a>,
--   <a>listPolicyGenerationsResponse_policyGenerations</a> - A
--   <tt>PolicyGeneration</tt> object that contains details about the
--   generated policy.
newListPolicyGenerationsResponse :: Int -> ListPolicyGenerationsResponse

-- | A token used for pagination of results returned.
listPolicyGenerationsResponse_nextToken :: Lens' ListPolicyGenerationsResponse (Maybe Text)

-- | The response's http status code.
listPolicyGenerationsResponse_httpStatus :: Lens' ListPolicyGenerationsResponse Int

-- | A <tt>PolicyGeneration</tt> object that contains details about the
--   generated policy.
listPolicyGenerationsResponse_policyGenerations :: Lens' ListPolicyGenerationsResponse [PolicyGeneration]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerationsResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerationsResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerationsResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerationsResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerationsResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListPolicyGenerations.ListPolicyGenerations


-- | Retrieves a list of findings generated by the specified analyzer.
--   
--   To learn about filter keys that you can use to retrieve a list of
--   findings, see <a>IAM Access Analyzer filter keys</a> in the <b>IAM
--   User Guide</b>.
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ListFindings

-- | Retrieves a list of findings generated by the specified analyzer.
--   
--   <i>See:</i> <a>newListFindings</a> smart constructor.
data ListFindings
ListFindings' :: Maybe (HashMap Text Criterion) -> Maybe Int -> Maybe Text -> Maybe SortCriteria -> Text -> ListFindings

-- | A filter to match for the findings to return.
[$sel:filter':ListFindings'] :: ListFindings -> Maybe (HashMap Text Criterion)

-- | The maximum number of results to return in the response.
[$sel:maxResults:ListFindings'] :: ListFindings -> Maybe Int

-- | A token used for pagination of results returned.
[$sel:nextToken:ListFindings'] :: ListFindings -> Maybe Text

-- | The sort order for the findings returned.
[$sel:sort:ListFindings'] :: ListFindings -> Maybe SortCriteria

-- | The <a>ARN of the analyzer</a> to retrieve findings from.
[$sel:analyzerArn:ListFindings'] :: ListFindings -> Text

-- | Create a value of <a>ListFindings</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListFindings</a>, <a>listFindings_filter</a> - A filter to match
--   for the findings to return.
--   
--   <a>$sel:maxResults:ListFindings'</a>, <a>listFindings_maxResults</a> -
--   The maximum number of results to return in the response.
--   
--   <a>ListFindings</a>, <a>listFindings_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:sort:ListFindings'</a>, <a>listFindings_sort</a> - The sort
--   order for the findings returned.
--   
--   <a>ListFindings</a>, <a>listFindings_analyzerArn</a> - The <a>ARN of
--   the analyzer</a> to retrieve findings from.
newListFindings :: Text -> ListFindings

-- | A filter to match for the findings to return.
listFindings_filter :: Lens' ListFindings (Maybe (HashMap Text Criterion))

-- | The maximum number of results to return in the response.
listFindings_maxResults :: Lens' ListFindings (Maybe Int)

-- | A token used for pagination of results returned.
listFindings_nextToken :: Lens' ListFindings (Maybe Text)

-- | The sort order for the findings returned.
listFindings_sort :: Lens' ListFindings (Maybe SortCriteria)

-- | The <a>ARN of the analyzer</a> to retrieve findings from.
listFindings_analyzerArn :: Lens' ListFindings Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newListFindingsResponse</a> smart constructor.
data ListFindingsResponse
ListFindingsResponse' :: Maybe Text -> Int -> [FindingSummary] -> ListFindingsResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ListFindingsResponse'] :: ListFindingsResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ListFindingsResponse'] :: ListFindingsResponse -> Int

-- | A list of findings retrieved from the analyzer that match the filter
--   criteria specified, if any.
[$sel:findings:ListFindingsResponse'] :: ListFindingsResponse -> [FindingSummary]

-- | Create a value of <a>ListFindingsResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListFindings</a>, <a>listFindingsResponse_nextToken</a> - A token
--   used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListFindingsResponse'</a>,
--   <a>listFindingsResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:findings:ListFindingsResponse'</a>,
--   <a>listFindingsResponse_findings</a> - A list of findings retrieved
--   from the analyzer that match the filter criteria specified, if any.
newListFindingsResponse :: Int -> ListFindingsResponse

-- | A token used for pagination of results returned.
listFindingsResponse_nextToken :: Lens' ListFindingsResponse (Maybe Text)

-- | The response's http status code.
listFindingsResponse_httpStatus :: Lens' ListFindingsResponse Int

-- | A list of findings retrieved from the analyzer that match the filter
--   criteria specified, if any.
listFindingsResponse_findings :: Lens' ListFindingsResponse [FindingSummary]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListFindings.ListFindingsResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListFindings.ListFindingsResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListFindings.ListFindingsResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListFindings.ListFindingsResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListFindings.ListFindingsResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListFindings.ListFindings
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListFindings.ListFindings


-- | Retrieves a list of archive rules created for the specified analyzer.
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ListArchiveRules

-- | Retrieves a list of archive rules created for the specified analyzer.
--   
--   <i>See:</i> <a>newListArchiveRules</a> smart constructor.
data ListArchiveRules
ListArchiveRules' :: Maybe Int -> Maybe Text -> Text -> ListArchiveRules

-- | The maximum number of results to return in the request.
[$sel:maxResults:ListArchiveRules'] :: ListArchiveRules -> Maybe Int

-- | A token used for pagination of results returned.
[$sel:nextToken:ListArchiveRules'] :: ListArchiveRules -> Maybe Text

-- | The name of the analyzer to retrieve rules from.
[$sel:analyzerName:ListArchiveRules'] :: ListArchiveRules -> Text

-- | Create a value of <a>ListArchiveRules</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListArchiveRules'</a>,
--   <a>listArchiveRules_maxResults</a> - The maximum number of results to
--   return in the request.
--   
--   <a>ListArchiveRules</a>, <a>listArchiveRules_nextToken</a> - A token
--   used for pagination of results returned.
--   
--   <a>$sel:analyzerName:ListArchiveRules'</a>,
--   <a>listArchiveRules_analyzerName</a> - The name of the analyzer to
--   retrieve rules from.
newListArchiveRules :: Text -> ListArchiveRules

-- | The maximum number of results to return in the request.
listArchiveRules_maxResults :: Lens' ListArchiveRules (Maybe Int)

-- | A token used for pagination of results returned.
listArchiveRules_nextToken :: Lens' ListArchiveRules (Maybe Text)

-- | The name of the analyzer to retrieve rules from.
listArchiveRules_analyzerName :: Lens' ListArchiveRules Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newListArchiveRulesResponse</a> smart constructor.
data ListArchiveRulesResponse
ListArchiveRulesResponse' :: Maybe Text -> Int -> [ArchiveRuleSummary] -> ListArchiveRulesResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ListArchiveRulesResponse'] :: ListArchiveRulesResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ListArchiveRulesResponse'] :: ListArchiveRulesResponse -> Int

-- | A list of archive rules created for the specified analyzer.
[$sel:archiveRules:ListArchiveRulesResponse'] :: ListArchiveRulesResponse -> [ArchiveRuleSummary]

-- | Create a value of <a>ListArchiveRulesResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListArchiveRules</a>, <a>listArchiveRulesResponse_nextToken</a> - A
--   token used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListArchiveRulesResponse'</a>,
--   <a>listArchiveRulesResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:archiveRules:ListArchiveRulesResponse'</a>,
--   <a>listArchiveRulesResponse_archiveRules</a> - A list of archive rules
--   created for the specified analyzer.
newListArchiveRulesResponse :: Int -> ListArchiveRulesResponse

-- | A token used for pagination of results returned.
listArchiveRulesResponse_nextToken :: Lens' ListArchiveRulesResponse (Maybe Text)

-- | The response's http status code.
listArchiveRulesResponse_httpStatus :: Lens' ListArchiveRulesResponse Int

-- | A list of archive rules created for the specified analyzer.
listArchiveRulesResponse_archiveRules :: Lens' ListArchiveRulesResponse [ArchiveRuleSummary]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRulesResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRulesResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRulesResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRulesResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRulesResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListArchiveRules.ListArchiveRules


-- | Retrieves a list of analyzers.
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ListAnalyzers

-- | Retrieves a list of analyzers.
--   
--   <i>See:</i> <a>newListAnalyzers</a> smart constructor.
data ListAnalyzers
ListAnalyzers' :: Maybe Int -> Maybe Text -> Maybe Type -> ListAnalyzers

-- | The maximum number of results to return in the response.
[$sel:maxResults:ListAnalyzers'] :: ListAnalyzers -> Maybe Int

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAnalyzers'] :: ListAnalyzers -> Maybe Text

-- | The type of analyzer.
[$sel:type':ListAnalyzers'] :: ListAnalyzers -> Maybe Type

-- | Create a value of <a>ListAnalyzers</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListAnalyzers'</a>, <a>listAnalyzers_maxResults</a>
--   - The maximum number of results to return in the response.
--   
--   <a>ListAnalyzers</a>, <a>listAnalyzers_nextToken</a> - A token used
--   for pagination of results returned.
--   
--   <a>ListAnalyzers</a>, <a>listAnalyzers_type</a> - The type of
--   analyzer.
newListAnalyzers :: ListAnalyzers

-- | The maximum number of results to return in the response.
listAnalyzers_maxResults :: Lens' ListAnalyzers (Maybe Int)

-- | A token used for pagination of results returned.
listAnalyzers_nextToken :: Lens' ListAnalyzers (Maybe Text)

-- | The type of analyzer.
listAnalyzers_type :: Lens' ListAnalyzers (Maybe Type)

-- | The response to the request.
--   
--   <i>See:</i> <a>newListAnalyzersResponse</a> smart constructor.
data ListAnalyzersResponse
ListAnalyzersResponse' :: Maybe Text -> Int -> [AnalyzerSummary] -> ListAnalyzersResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAnalyzersResponse'] :: ListAnalyzersResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ListAnalyzersResponse'] :: ListAnalyzersResponse -> Int

-- | The analyzers retrieved.
[$sel:analyzers:ListAnalyzersResponse'] :: ListAnalyzersResponse -> [AnalyzerSummary]

-- | Create a value of <a>ListAnalyzersResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAnalyzers</a>, <a>listAnalyzersResponse_nextToken</a> - A token
--   used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAnalyzersResponse'</a>,
--   <a>listAnalyzersResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:analyzers:ListAnalyzersResponse'</a>,
--   <a>listAnalyzersResponse_analyzers</a> - The analyzers retrieved.
newListAnalyzersResponse :: Int -> ListAnalyzersResponse

-- | A token used for pagination of results returned.
listAnalyzersResponse_nextToken :: Lens' ListAnalyzersResponse (Maybe Text)

-- | The response's http status code.
listAnalyzersResponse_httpStatus :: Lens' ListAnalyzersResponse Int

-- | The analyzers retrieved.
listAnalyzersResponse_analyzers :: Lens' ListAnalyzersResponse [AnalyzerSummary]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzersResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzersResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzersResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzersResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzersResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListAnalyzers.ListAnalyzers


-- | Retrieves a list of resources of the specified type that have been
--   analyzed by the specified analyzer..
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ListAnalyzedResources

-- | Retrieves a list of resources that have been analyzed.
--   
--   <i>See:</i> <a>newListAnalyzedResources</a> smart constructor.
data ListAnalyzedResources
ListAnalyzedResources' :: Maybe Int -> Maybe Text -> Maybe ResourceType -> Text -> ListAnalyzedResources

-- | The maximum number of results to return in the response.
[$sel:maxResults:ListAnalyzedResources'] :: ListAnalyzedResources -> Maybe Int

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAnalyzedResources'] :: ListAnalyzedResources -> Maybe Text

-- | The type of resource.
[$sel:resourceType:ListAnalyzedResources'] :: ListAnalyzedResources -> Maybe ResourceType

-- | The <a>ARN of the analyzer</a> to retrieve a list of analyzed
--   resources from.
[$sel:analyzerArn:ListAnalyzedResources'] :: ListAnalyzedResources -> Text

-- | Create a value of <a>ListAnalyzedResources</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListAnalyzedResources'</a>,
--   <a>listAnalyzedResources_maxResults</a> - The maximum number of
--   results to return in the response.
--   
--   <a>ListAnalyzedResources</a>, <a>listAnalyzedResources_nextToken</a> -
--   A token used for pagination of results returned.
--   
--   <a>ListAnalyzedResources</a>,
--   <a>listAnalyzedResources_resourceType</a> - The type of resource.
--   
--   <a>ListAnalyzedResources</a>, <a>listAnalyzedResources_analyzerArn</a>
--   - The <a>ARN of the analyzer</a> to retrieve a list of analyzed
--   resources from.
newListAnalyzedResources :: Text -> ListAnalyzedResources

-- | The maximum number of results to return in the response.
listAnalyzedResources_maxResults :: Lens' ListAnalyzedResources (Maybe Int)

-- | A token used for pagination of results returned.
listAnalyzedResources_nextToken :: Lens' ListAnalyzedResources (Maybe Text)

-- | The type of resource.
listAnalyzedResources_resourceType :: Lens' ListAnalyzedResources (Maybe ResourceType)

-- | The <a>ARN of the analyzer</a> to retrieve a list of analyzed
--   resources from.
listAnalyzedResources_analyzerArn :: Lens' ListAnalyzedResources Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newListAnalyzedResourcesResponse</a> smart constructor.
data ListAnalyzedResourcesResponse
ListAnalyzedResourcesResponse' :: Maybe Text -> Int -> [AnalyzedResourceSummary] -> ListAnalyzedResourcesResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAnalyzedResourcesResponse'] :: ListAnalyzedResourcesResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ListAnalyzedResourcesResponse'] :: ListAnalyzedResourcesResponse -> Int

-- | A list of resources that were analyzed.
[$sel:analyzedResources:ListAnalyzedResourcesResponse'] :: ListAnalyzedResourcesResponse -> [AnalyzedResourceSummary]

-- | Create a value of <a>ListAnalyzedResourcesResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAnalyzedResources</a>,
--   <a>listAnalyzedResourcesResponse_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAnalyzedResourcesResponse'</a>,
--   <a>listAnalyzedResourcesResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:analyzedResources:ListAnalyzedResourcesResponse'</a>,
--   <a>listAnalyzedResourcesResponse_analyzedResources</a> - A list of
--   resources that were analyzed.
newListAnalyzedResourcesResponse :: Int -> ListAnalyzedResourcesResponse

-- | A token used for pagination of results returned.
listAnalyzedResourcesResponse_nextToken :: Lens' ListAnalyzedResourcesResponse (Maybe Text)

-- | The response's http status code.
listAnalyzedResourcesResponse_httpStatus :: Lens' ListAnalyzedResourcesResponse Int

-- | A list of resources that were analyzed.
listAnalyzedResourcesResponse_analyzedResources :: Lens' ListAnalyzedResourcesResponse [AnalyzedResourceSummary]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResourcesResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResourcesResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResourcesResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResourcesResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResourcesResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListAnalyzedResources.ListAnalyzedResources


-- | Retrieves a list of access previews for the specified analyzer.
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ListAccessPreviews

-- | <i>See:</i> <a>newListAccessPreviews</a> smart constructor.
data ListAccessPreviews
ListAccessPreviews' :: Maybe Int -> Maybe Text -> Text -> ListAccessPreviews

-- | The maximum number of results to return in the response.
[$sel:maxResults:ListAccessPreviews'] :: ListAccessPreviews -> Maybe Int

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAccessPreviews'] :: ListAccessPreviews -> Maybe Text

-- | The <a>ARN of the analyzer</a> used to generate the access preview.
[$sel:analyzerArn:ListAccessPreviews'] :: ListAccessPreviews -> Text

-- | Create a value of <a>ListAccessPreviews</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListAccessPreviews'</a>,
--   <a>listAccessPreviews_maxResults</a> - The maximum number of results
--   to return in the response.
--   
--   <a>ListAccessPreviews</a>, <a>listAccessPreviews_nextToken</a> - A
--   token used for pagination of results returned.
--   
--   <a>ListAccessPreviews</a>, <a>listAccessPreviews_analyzerArn</a> - The
--   <a>ARN of the analyzer</a> used to generate the access preview.
newListAccessPreviews :: Text -> ListAccessPreviews

-- | The maximum number of results to return in the response.
listAccessPreviews_maxResults :: Lens' ListAccessPreviews (Maybe Int)

-- | A token used for pagination of results returned.
listAccessPreviews_nextToken :: Lens' ListAccessPreviews (Maybe Text)

-- | The <a>ARN of the analyzer</a> used to generate the access preview.
listAccessPreviews_analyzerArn :: Lens' ListAccessPreviews Text

-- | <i>See:</i> <a>newListAccessPreviewsResponse</a> smart constructor.
data ListAccessPreviewsResponse
ListAccessPreviewsResponse' :: Maybe Text -> Int -> [AccessPreviewSummary] -> ListAccessPreviewsResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAccessPreviewsResponse'] :: ListAccessPreviewsResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ListAccessPreviewsResponse'] :: ListAccessPreviewsResponse -> Int

-- | A list of access previews retrieved for the analyzer.
[$sel:accessPreviews:ListAccessPreviewsResponse'] :: ListAccessPreviewsResponse -> [AccessPreviewSummary]

-- | Create a value of <a>ListAccessPreviewsResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAccessPreviews</a>, <a>listAccessPreviewsResponse_nextToken</a>
--   - A token used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAccessPreviewsResponse'</a>,
--   <a>listAccessPreviewsResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:accessPreviews:ListAccessPreviewsResponse'</a>,
--   <a>listAccessPreviewsResponse_accessPreviews</a> - A list of access
--   previews retrieved for the analyzer.
newListAccessPreviewsResponse :: Int -> ListAccessPreviewsResponse

-- | A token used for pagination of results returned.
listAccessPreviewsResponse_nextToken :: Lens' ListAccessPreviewsResponse (Maybe Text)

-- | The response's http status code.
listAccessPreviewsResponse_httpStatus :: Lens' ListAccessPreviewsResponse Int

-- | A list of access previews retrieved for the analyzer.
listAccessPreviewsResponse_accessPreviews :: Lens' ListAccessPreviewsResponse [AccessPreviewSummary]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviewsResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviewsResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviewsResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviewsResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviewsResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListAccessPreviews.ListAccessPreviews


-- | Retrieves a list of access preview findings generated by the specified
--   access preview.
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ListAccessPreviewFindings

-- | <i>See:</i> <a>newListAccessPreviewFindings</a> smart constructor.
data ListAccessPreviewFindings
ListAccessPreviewFindings' :: Maybe (HashMap Text Criterion) -> Maybe Int -> Maybe Text -> Text -> Text -> ListAccessPreviewFindings

-- | Criteria to filter the returned findings.
[$sel:filter':ListAccessPreviewFindings'] :: ListAccessPreviewFindings -> Maybe (HashMap Text Criterion)

-- | The maximum number of results to return in the response.
[$sel:maxResults:ListAccessPreviewFindings'] :: ListAccessPreviewFindings -> Maybe Int

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAccessPreviewFindings'] :: ListAccessPreviewFindings -> Maybe Text

-- | The unique ID for the access preview.
[$sel:accessPreviewId:ListAccessPreviewFindings'] :: ListAccessPreviewFindings -> Text

-- | The <a>ARN of the analyzer</a> used to generate the access.
[$sel:analyzerArn:ListAccessPreviewFindings'] :: ListAccessPreviewFindings -> Text

-- | Create a value of <a>ListAccessPreviewFindings</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindings_filter</a> - Criteria to filter the
--   returned findings.
--   
--   <a>$sel:maxResults:ListAccessPreviewFindings'</a>,
--   <a>listAccessPreviewFindings_maxResults</a> - The maximum number of
--   results to return in the response.
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindings_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:accessPreviewId:ListAccessPreviewFindings'</a>,
--   <a>listAccessPreviewFindings_accessPreviewId</a> - The unique ID for
--   the access preview.
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindings_analyzerArn</a> - The <a>ARN of the
--   analyzer</a> used to generate the access.
newListAccessPreviewFindings :: Text -> Text -> ListAccessPreviewFindings

-- | Criteria to filter the returned findings.
listAccessPreviewFindings_filter :: Lens' ListAccessPreviewFindings (Maybe (HashMap Text Criterion))

-- | The maximum number of results to return in the response.
listAccessPreviewFindings_maxResults :: Lens' ListAccessPreviewFindings (Maybe Int)

-- | A token used for pagination of results returned.
listAccessPreviewFindings_nextToken :: Lens' ListAccessPreviewFindings (Maybe Text)

-- | The unique ID for the access preview.
listAccessPreviewFindings_accessPreviewId :: Lens' ListAccessPreviewFindings Text

-- | The <a>ARN of the analyzer</a> used to generate the access.
listAccessPreviewFindings_analyzerArn :: Lens' ListAccessPreviewFindings Text

-- | <i>See:</i> <a>newListAccessPreviewFindingsResponse</a> smart
--   constructor.
data ListAccessPreviewFindingsResponse
ListAccessPreviewFindingsResponse' :: Maybe Text -> Int -> [AccessPreviewFinding] -> ListAccessPreviewFindingsResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ListAccessPreviewFindingsResponse'] :: ListAccessPreviewFindingsResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ListAccessPreviewFindingsResponse'] :: ListAccessPreviewFindingsResponse -> Int

-- | A list of access preview findings that match the specified filter
--   criteria.
[$sel:findings:ListAccessPreviewFindingsResponse'] :: ListAccessPreviewFindingsResponse -> [AccessPreviewFinding]

-- | Create a value of <a>ListAccessPreviewFindingsResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindingsResponse_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAccessPreviewFindingsResponse'</a>,
--   <a>listAccessPreviewFindingsResponse_httpStatus</a> - The response's
--   http status code.
--   
--   <a>$sel:findings:ListAccessPreviewFindingsResponse'</a>,
--   <a>listAccessPreviewFindingsResponse_findings</a> - A list of access
--   preview findings that match the specified filter criteria.
newListAccessPreviewFindingsResponse :: Int -> ListAccessPreviewFindingsResponse

-- | A token used for pagination of results returned.
listAccessPreviewFindingsResponse_nextToken :: Lens' ListAccessPreviewFindingsResponse (Maybe Text)

-- | The response's http status code.
listAccessPreviewFindingsResponse_httpStatus :: Lens' ListAccessPreviewFindingsResponse Int

-- | A list of access preview findings that match the specified filter
--   criteria.
listAccessPreviewFindingsResponse_findings :: Lens' ListAccessPreviewFindingsResponse [AccessPreviewFinding]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindingsResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindingsResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindingsResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindingsResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindingsResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ListAccessPreviewFindings.ListAccessPreviewFindings


-- | Retrieves the policy that was generated using
--   <tt>StartPolicyGeneration</tt>.
module Amazonka.AccessAnalyzer.GetGeneratedPolicy

-- | <i>See:</i> <a>newGetGeneratedPolicy</a> smart constructor.
data GetGeneratedPolicy
GetGeneratedPolicy' :: Maybe Bool -> Maybe Bool -> Text -> GetGeneratedPolicy

-- | The level of detail that you want to generate. You can specify whether
--   to generate policies with placeholders for resource ARNs for actions
--   that support resource level granularity in policies.
--   
--   For example, in the resource section of a policy, you can receive a
--   placeholder such as <tt>"Resource":"arn:aws:s3:::${BucketName}"</tt>
--   instead of <tt>"*"</tt>.
[$sel:includeResourcePlaceholders:GetGeneratedPolicy'] :: GetGeneratedPolicy -> Maybe Bool

-- | The level of detail that you want to generate. You can specify whether
--   to generate service-level policies.
--   
--   IAM Access Analyzer uses <tt>iam:servicelastaccessed</tt> to identify
--   services that have been used recently to create this service-level
--   template.
[$sel:includeServiceLevelTemplate:GetGeneratedPolicy'] :: GetGeneratedPolicy -> Maybe Bool

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
[$sel:jobId:GetGeneratedPolicy'] :: GetGeneratedPolicy -> Text

-- | Create a value of <a>GetGeneratedPolicy</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:includeResourcePlaceholders:GetGeneratedPolicy'</a>,
--   <a>getGeneratedPolicy_includeResourcePlaceholders</a> - The level of
--   detail that you want to generate. You can specify whether to generate
--   policies with placeholders for resource ARNs for actions that support
--   resource level granularity in policies.
--   
--   For example, in the resource section of a policy, you can receive a
--   placeholder such as <tt>"Resource":"arn:aws:s3:::${BucketName}"</tt>
--   instead of <tt>"*"</tt>.
--   
--   <a>$sel:includeServiceLevelTemplate:GetGeneratedPolicy'</a>,
--   <a>getGeneratedPolicy_includeServiceLevelTemplate</a> - The level of
--   detail that you want to generate. You can specify whether to generate
--   service-level policies.
--   
--   IAM Access Analyzer uses <tt>iam:servicelastaccessed</tt> to identify
--   services that have been used recently to create this service-level
--   template.
--   
--   <a>GetGeneratedPolicy</a>, <a>getGeneratedPolicy_jobId</a> - The
--   <tt>JobId</tt> that is returned by the <tt>StartPolicyGeneration</tt>
--   operation. The <tt>JobId</tt> can be used with
--   <tt>GetGeneratedPolicy</tt> to retrieve the generated policies or used
--   with <tt>CancelPolicyGeneration</tt> to cancel the policy generation
--   request.
newGetGeneratedPolicy :: Text -> GetGeneratedPolicy

-- | The level of detail that you want to generate. You can specify whether
--   to generate policies with placeholders for resource ARNs for actions
--   that support resource level granularity in policies.
--   
--   For example, in the resource section of a policy, you can receive a
--   placeholder such as <tt>"Resource":"arn:aws:s3:::${BucketName}"</tt>
--   instead of <tt>"*"</tt>.
getGeneratedPolicy_includeResourcePlaceholders :: Lens' GetGeneratedPolicy (Maybe Bool)

-- | The level of detail that you want to generate. You can specify whether
--   to generate service-level policies.
--   
--   IAM Access Analyzer uses <tt>iam:servicelastaccessed</tt> to identify
--   services that have been used recently to create this service-level
--   template.
getGeneratedPolicy_includeServiceLevelTemplate :: Lens' GetGeneratedPolicy (Maybe Bool)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
getGeneratedPolicy_jobId :: Lens' GetGeneratedPolicy Text

-- | <i>See:</i> <a>newGetGeneratedPolicyResponse</a> smart constructor.
data GetGeneratedPolicyResponse
GetGeneratedPolicyResponse' :: Int -> JobDetails -> GeneratedPolicyResult -> GetGeneratedPolicyResponse

-- | The response's http status code.
[$sel:httpStatus:GetGeneratedPolicyResponse'] :: GetGeneratedPolicyResponse -> Int

-- | A <tt>GeneratedPolicyDetails</tt> object that contains details about
--   the generated policy.
[$sel:jobDetails:GetGeneratedPolicyResponse'] :: GetGeneratedPolicyResponse -> JobDetails

-- | A <tt>GeneratedPolicyResult</tt> object that contains the generated
--   policies and associated details.
[$sel:generatedPolicyResult:GetGeneratedPolicyResponse'] :: GetGeneratedPolicyResponse -> GeneratedPolicyResult

-- | Create a value of <a>GetGeneratedPolicyResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetGeneratedPolicyResponse'</a>,
--   <a>getGeneratedPolicyResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:jobDetails:GetGeneratedPolicyResponse'</a>,
--   <a>getGeneratedPolicyResponse_jobDetails</a> - A
--   <tt>GeneratedPolicyDetails</tt> object that contains details about the
--   generated policy.
--   
--   <a>$sel:generatedPolicyResult:GetGeneratedPolicyResponse'</a>,
--   <a>getGeneratedPolicyResponse_generatedPolicyResult</a> - A
--   <tt>GeneratedPolicyResult</tt> object that contains the generated
--   policies and associated details.
newGetGeneratedPolicyResponse :: Int -> JobDetails -> GeneratedPolicyResult -> GetGeneratedPolicyResponse

-- | The response's http status code.
getGeneratedPolicyResponse_httpStatus :: Lens' GetGeneratedPolicyResponse Int

-- | A <tt>GeneratedPolicyDetails</tt> object that contains details about
--   the generated policy.
getGeneratedPolicyResponse_jobDetails :: Lens' GetGeneratedPolicyResponse JobDetails

-- | A <tt>GeneratedPolicyResult</tt> object that contains the generated
--   policies and associated details.
getGeneratedPolicyResponse_generatedPolicyResult :: Lens' GetGeneratedPolicyResponse GeneratedPolicyResult
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicyResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicyResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicyResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicyResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicyResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.GetGeneratedPolicy.GetGeneratedPolicy


-- | Retrieves information about the specified finding.
module Amazonka.AccessAnalyzer.GetFinding

-- | Retrieves a finding.
--   
--   <i>See:</i> <a>newGetFinding</a> smart constructor.
data GetFinding
GetFinding' :: Text -> Text -> GetFinding

-- | The <a>ARN of the analyzer</a> that generated the finding.
[$sel:analyzerArn:GetFinding'] :: GetFinding -> Text

-- | The ID of the finding to retrieve.
[$sel:id:GetFinding'] :: GetFinding -> Text

-- | Create a value of <a>GetFinding</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>GetFinding</a>, <a>getFinding_analyzerArn</a> - The <a>ARN of the
--   analyzer</a> that generated the finding.
--   
--   <a>GetFinding</a>, <a>getFinding_id</a> - The ID of the finding to
--   retrieve.
newGetFinding :: Text -> Text -> GetFinding

-- | The <a>ARN of the analyzer</a> that generated the finding.
getFinding_analyzerArn :: Lens' GetFinding Text

-- | The ID of the finding to retrieve.
getFinding_id :: Lens' GetFinding Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetFindingResponse</a> smart constructor.
data GetFindingResponse
GetFindingResponse' :: Maybe Finding -> Int -> GetFindingResponse

-- | A <tt>finding</tt> object that contains finding details.
[$sel:finding:GetFindingResponse'] :: GetFindingResponse -> Maybe Finding

-- | The response's http status code.
[$sel:httpStatus:GetFindingResponse'] :: GetFindingResponse -> Int

-- | Create a value of <a>GetFindingResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:finding:GetFindingResponse'</a>,
--   <a>getFindingResponse_finding</a> - A <tt>finding</tt> object that
--   contains finding details.
--   
--   <a>$sel:httpStatus:GetFindingResponse'</a>,
--   <a>getFindingResponse_httpStatus</a> - The response's http status
--   code.
newGetFindingResponse :: Int -> GetFindingResponse

-- | A <tt>finding</tt> object that contains finding details.
getFindingResponse_finding :: Lens' GetFindingResponse (Maybe Finding)

-- | The response's http status code.
getFindingResponse_httpStatus :: Lens' GetFindingResponse Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetFinding.GetFindingResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetFinding.GetFindingResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetFinding.GetFindingResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetFinding.GetFindingResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetFinding.GetFindingResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.GetFinding.GetFinding
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.GetFinding.GetFinding


-- | Retrieves information about an archive rule.
--   
--   To learn about filter keys that you can use to create an archive rule,
--   see <a>IAM Access Analyzer filter keys</a> in the <b>IAM User
--   Guide</b>.
module Amazonka.AccessAnalyzer.GetArchiveRule

-- | Retrieves an archive rule.
--   
--   <i>See:</i> <a>newGetArchiveRule</a> smart constructor.
data GetArchiveRule
GetArchiveRule' :: Text -> Text -> GetArchiveRule

-- | The name of the analyzer to retrieve rules from.
[$sel:analyzerName:GetArchiveRule'] :: GetArchiveRule -> Text

-- | The name of the rule to retrieve.
[$sel:ruleName:GetArchiveRule'] :: GetArchiveRule -> Text

-- | Create a value of <a>GetArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:analyzerName:GetArchiveRule'</a>,
--   <a>getArchiveRule_analyzerName</a> - The name of the analyzer to
--   retrieve rules from.
--   
--   <a>GetArchiveRule</a>, <a>getArchiveRule_ruleName</a> - The name of
--   the rule to retrieve.
newGetArchiveRule :: Text -> Text -> GetArchiveRule

-- | The name of the analyzer to retrieve rules from.
getArchiveRule_analyzerName :: Lens' GetArchiveRule Text

-- | The name of the rule to retrieve.
getArchiveRule_ruleName :: Lens' GetArchiveRule Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetArchiveRuleResponse</a> smart constructor.
data GetArchiveRuleResponse
GetArchiveRuleResponse' :: Int -> ArchiveRuleSummary -> GetArchiveRuleResponse

-- | The response's http status code.
[$sel:httpStatus:GetArchiveRuleResponse'] :: GetArchiveRuleResponse -> Int
[$sel:archiveRule:GetArchiveRuleResponse'] :: GetArchiveRuleResponse -> ArchiveRuleSummary

-- | Create a value of <a>GetArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetArchiveRuleResponse'</a>,
--   <a>getArchiveRuleResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:archiveRule:GetArchiveRuleResponse'</a>,
--   <a>getArchiveRuleResponse_archiveRule</a> - Undocumented member.
newGetArchiveRuleResponse :: Int -> ArchiveRuleSummary -> GetArchiveRuleResponse

-- | The response's http status code.
getArchiveRuleResponse_httpStatus :: Lens' GetArchiveRuleResponse Int

-- | Undocumented member.
getArchiveRuleResponse_archiveRule :: Lens' GetArchiveRuleResponse ArchiveRuleSummary
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRuleResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRuleResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRuleResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRuleResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRuleResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.GetArchiveRule.GetArchiveRule


-- | Retrieves information about the specified analyzer.
module Amazonka.AccessAnalyzer.GetAnalyzer

-- | Retrieves an analyzer.
--   
--   <i>See:</i> <a>newGetAnalyzer</a> smart constructor.
data GetAnalyzer
GetAnalyzer' :: Text -> GetAnalyzer

-- | The name of the analyzer retrieved.
[$sel:analyzerName:GetAnalyzer'] :: GetAnalyzer -> Text

-- | Create a value of <a>GetAnalyzer</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:analyzerName:GetAnalyzer'</a>, <a>getAnalyzer_analyzerName</a>
--   - The name of the analyzer retrieved.
newGetAnalyzer :: Text -> GetAnalyzer

-- | The name of the analyzer retrieved.
getAnalyzer_analyzerName :: Lens' GetAnalyzer Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetAnalyzerResponse</a> smart constructor.
data GetAnalyzerResponse
GetAnalyzerResponse' :: Int -> AnalyzerSummary -> GetAnalyzerResponse

-- | The response's http status code.
[$sel:httpStatus:GetAnalyzerResponse'] :: GetAnalyzerResponse -> Int

-- | An <tt>AnalyzerSummary</tt> object that contains information about the
--   analyzer.
[$sel:analyzer:GetAnalyzerResponse'] :: GetAnalyzerResponse -> AnalyzerSummary

-- | Create a value of <a>GetAnalyzerResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetAnalyzerResponse'</a>,
--   <a>getAnalyzerResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:analyzer:GetAnalyzerResponse'</a>,
--   <a>getAnalyzerResponse_analyzer</a> - An <tt>AnalyzerSummary</tt>
--   object that contains information about the analyzer.
newGetAnalyzerResponse :: Int -> AnalyzerSummary -> GetAnalyzerResponse

-- | The response's http status code.
getAnalyzerResponse_httpStatus :: Lens' GetAnalyzerResponse Int

-- | An <tt>AnalyzerSummary</tt> object that contains information about the
--   analyzer.
getAnalyzerResponse_analyzer :: Lens' GetAnalyzerResponse AnalyzerSummary
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzerResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzerResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzerResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzerResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzerResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.GetAnalyzer.GetAnalyzer


-- | Retrieves information about a resource that was analyzed.
module Amazonka.AccessAnalyzer.GetAnalyzedResource

-- | Retrieves an analyzed resource.
--   
--   <i>See:</i> <a>newGetAnalyzedResource</a> smart constructor.
data GetAnalyzedResource
GetAnalyzedResource' :: Text -> Text -> GetAnalyzedResource

-- | The <a>ARN of the analyzer</a> to retrieve information from.
[$sel:analyzerArn:GetAnalyzedResource'] :: GetAnalyzedResource -> Text

-- | The ARN of the resource to retrieve information about.
[$sel:resourceArn:GetAnalyzedResource'] :: GetAnalyzedResource -> Text

-- | Create a value of <a>GetAnalyzedResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>GetAnalyzedResource</a>, <a>getAnalyzedResource_analyzerArn</a> -
--   The <a>ARN of the analyzer</a> to retrieve information from.
--   
--   <a>GetAnalyzedResource</a>, <a>getAnalyzedResource_resourceArn</a> -
--   The ARN of the resource to retrieve information about.
newGetAnalyzedResource :: Text -> Text -> GetAnalyzedResource

-- | The <a>ARN of the analyzer</a> to retrieve information from.
getAnalyzedResource_analyzerArn :: Lens' GetAnalyzedResource Text

-- | The ARN of the resource to retrieve information about.
getAnalyzedResource_resourceArn :: Lens' GetAnalyzedResource Text

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetAnalyzedResourceResponse</a> smart constructor.
data GetAnalyzedResourceResponse
GetAnalyzedResourceResponse' :: Maybe AnalyzedResource -> Int -> GetAnalyzedResourceResponse

-- | An <tt>AnalyzedResource</tt> object that contains information that IAM
--   Access Analyzer found when it analyzed the resource.
[$sel:resource:GetAnalyzedResourceResponse'] :: GetAnalyzedResourceResponse -> Maybe AnalyzedResource

-- | The response's http status code.
[$sel:httpStatus:GetAnalyzedResourceResponse'] :: GetAnalyzedResourceResponse -> Int

-- | Create a value of <a>GetAnalyzedResourceResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>GetAnalyzedResourceResponse</a>,
--   <a>getAnalyzedResourceResponse_resource</a> - An
--   <tt>AnalyzedResource</tt> object that contains information that IAM
--   Access Analyzer found when it analyzed the resource.
--   
--   <a>$sel:httpStatus:GetAnalyzedResourceResponse'</a>,
--   <a>getAnalyzedResourceResponse_httpStatus</a> - The response's http
--   status code.
newGetAnalyzedResourceResponse :: Int -> GetAnalyzedResourceResponse

-- | An <tt>AnalyzedResource</tt> object that contains information that IAM
--   Access Analyzer found when it analyzed the resource.
getAnalyzedResourceResponse_resource :: Lens' GetAnalyzedResourceResponse (Maybe AnalyzedResource)

-- | The response's http status code.
getAnalyzedResourceResponse_httpStatus :: Lens' GetAnalyzedResourceResponse Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResourceResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResourceResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResourceResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResourceResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResourceResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.GetAnalyzedResource.GetAnalyzedResource


-- | Retrieves information about an access preview for the specified
--   analyzer.
module Amazonka.AccessAnalyzer.GetAccessPreview

-- | <i>See:</i> <a>newGetAccessPreview</a> smart constructor.
data GetAccessPreview
GetAccessPreview' :: Text -> Text -> GetAccessPreview

-- | The unique ID for the access preview.
[$sel:accessPreviewId:GetAccessPreview'] :: GetAccessPreview -> Text

-- | The <a>ARN of the analyzer</a> used to generate the access preview.
[$sel:analyzerArn:GetAccessPreview'] :: GetAccessPreview -> Text

-- | Create a value of <a>GetAccessPreview</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPreviewId:GetAccessPreview'</a>,
--   <a>getAccessPreview_accessPreviewId</a> - The unique ID for the access
--   preview.
--   
--   <a>GetAccessPreview</a>, <a>getAccessPreview_analyzerArn</a> - The
--   <a>ARN of the analyzer</a> used to generate the access preview.
newGetAccessPreview :: Text -> Text -> GetAccessPreview

-- | The unique ID for the access preview.
getAccessPreview_accessPreviewId :: Lens' GetAccessPreview Text

-- | The <a>ARN of the analyzer</a> used to generate the access preview.
getAccessPreview_analyzerArn :: Lens' GetAccessPreview Text

-- | <i>See:</i> <a>newGetAccessPreviewResponse</a> smart constructor.
data GetAccessPreviewResponse
GetAccessPreviewResponse' :: Int -> AccessPreview -> GetAccessPreviewResponse

-- | The response's http status code.
[$sel:httpStatus:GetAccessPreviewResponse'] :: GetAccessPreviewResponse -> Int

-- | An object that contains information about the access preview.
[$sel:accessPreview:GetAccessPreviewResponse'] :: GetAccessPreviewResponse -> AccessPreview

-- | Create a value of <a>GetAccessPreviewResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetAccessPreviewResponse'</a>,
--   <a>getAccessPreviewResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:accessPreview:GetAccessPreviewResponse'</a>,
--   <a>getAccessPreviewResponse_accessPreview</a> - An object that
--   contains information about the access preview.
newGetAccessPreviewResponse :: Int -> AccessPreview -> GetAccessPreviewResponse

-- | The response's http status code.
getAccessPreviewResponse_httpStatus :: Lens' GetAccessPreviewResponse Int

-- | An object that contains information about the access preview.
getAccessPreviewResponse_accessPreview :: Lens' GetAccessPreviewResponse AccessPreview
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreviewResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreviewResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreviewResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreviewResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreviewResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.GetAccessPreview.GetAccessPreview


-- | Deletes the specified archive rule.
module Amazonka.AccessAnalyzer.DeleteArchiveRule

-- | Deletes an archive rule.
--   
--   <i>See:</i> <a>newDeleteArchiveRule</a> smart constructor.
data DeleteArchiveRule
DeleteArchiveRule' :: Maybe Text -> Text -> Text -> DeleteArchiveRule

-- | A client token.
[$sel:clientToken:DeleteArchiveRule'] :: DeleteArchiveRule -> Maybe Text

-- | The name of the analyzer that associated with the archive rule to
--   delete.
[$sel:analyzerName:DeleteArchiveRule'] :: DeleteArchiveRule -> Text

-- | The name of the rule to delete.
[$sel:ruleName:DeleteArchiveRule'] :: DeleteArchiveRule -> Text

-- | Create a value of <a>DeleteArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:DeleteArchiveRule'</a>,
--   <a>deleteArchiveRule_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:DeleteArchiveRule'</a>,
--   <a>deleteArchiveRule_analyzerName</a> - The name of the analyzer that
--   associated with the archive rule to delete.
--   
--   <a>DeleteArchiveRule</a>, <a>deleteArchiveRule_ruleName</a> - The name
--   of the rule to delete.
newDeleteArchiveRule :: Text -> Text -> DeleteArchiveRule

-- | A client token.
deleteArchiveRule_clientToken :: Lens' DeleteArchiveRule (Maybe Text)

-- | The name of the analyzer that associated with the archive rule to
--   delete.
deleteArchiveRule_analyzerName :: Lens' DeleteArchiveRule Text

-- | The name of the rule to delete.
deleteArchiveRule_ruleName :: Lens' DeleteArchiveRule Text

-- | <i>See:</i> <a>newDeleteArchiveRuleResponse</a> smart constructor.
data DeleteArchiveRuleResponse
DeleteArchiveRuleResponse' :: DeleteArchiveRuleResponse

-- | Create a value of <a>DeleteArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newDeleteArchiveRuleResponse :: DeleteArchiveRuleResponse
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance GHC.Show.Show Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance GHC.Read.Read Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRuleResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRuleResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRuleResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRuleResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRuleResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.DeleteArchiveRule.DeleteArchiveRule


-- | Deletes the specified analyzer. When you delete an analyzer, IAM
--   Access Analyzer is disabled for the account or organization in the
--   current or specific Region. All findings that were generated by the
--   analyzer are deleted. You cannot undo this action.
module Amazonka.AccessAnalyzer.DeleteAnalyzer

-- | Deletes an analyzer.
--   
--   <i>See:</i> <a>newDeleteAnalyzer</a> smart constructor.
data DeleteAnalyzer
DeleteAnalyzer' :: Maybe Text -> Text -> DeleteAnalyzer

-- | A client token.
[$sel:clientToken:DeleteAnalyzer'] :: DeleteAnalyzer -> Maybe Text

-- | The name of the analyzer to delete.
[$sel:analyzerName:DeleteAnalyzer'] :: DeleteAnalyzer -> Text

-- | Create a value of <a>DeleteAnalyzer</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:DeleteAnalyzer'</a>,
--   <a>deleteAnalyzer_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:DeleteAnalyzer'</a>,
--   <a>deleteAnalyzer_analyzerName</a> - The name of the analyzer to
--   delete.
newDeleteAnalyzer :: Text -> DeleteAnalyzer

-- | A client token.
deleteAnalyzer_clientToken :: Lens' DeleteAnalyzer (Maybe Text)

-- | The name of the analyzer to delete.
deleteAnalyzer_analyzerName :: Lens' DeleteAnalyzer Text

-- | <i>See:</i> <a>newDeleteAnalyzerResponse</a> smart constructor.
data DeleteAnalyzerResponse
DeleteAnalyzerResponse' :: DeleteAnalyzerResponse

-- | Create a value of <a>DeleteAnalyzerResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newDeleteAnalyzerResponse :: DeleteAnalyzerResponse
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance GHC.Show.Show Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance GHC.Read.Read Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzerResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzerResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzerResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzerResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzerResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.DeleteAnalyzer.DeleteAnalyzer


-- | Creates an archive rule for the specified analyzer. Archive rules
--   automatically archive new findings that meet the criteria you define
--   when you create the rule.
--   
--   To learn about filter keys that you can use to create an archive rule,
--   see <a>IAM Access Analyzer filter keys</a> in the <b>IAM User
--   Guide</b>.
module Amazonka.AccessAnalyzer.CreateArchiveRule

-- | Creates an archive rule.
--   
--   <i>See:</i> <a>newCreateArchiveRule</a> smart constructor.
data CreateArchiveRule
CreateArchiveRule' :: Maybe Text -> Text -> Text -> HashMap Text Criterion -> CreateArchiveRule

-- | A client token.
[$sel:clientToken:CreateArchiveRule'] :: CreateArchiveRule -> Maybe Text

-- | The name of the created analyzer.
[$sel:analyzerName:CreateArchiveRule'] :: CreateArchiveRule -> Text

-- | The name of the rule to create.
[$sel:ruleName:CreateArchiveRule'] :: CreateArchiveRule -> Text

-- | The criteria for the rule.
[$sel:filter':CreateArchiveRule'] :: CreateArchiveRule -> HashMap Text Criterion

-- | Create a value of <a>CreateArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:CreateArchiveRule'</a>,
--   <a>createArchiveRule_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:CreateArchiveRule'</a>,
--   <a>createArchiveRule_analyzerName</a> - The name of the created
--   analyzer.
--   
--   <a>CreateArchiveRule</a>, <a>createArchiveRule_ruleName</a> - The name
--   of the rule to create.
--   
--   <a>CreateArchiveRule</a>, <a>createArchiveRule_filter</a> - The
--   criteria for the rule.
newCreateArchiveRule :: Text -> Text -> CreateArchiveRule

-- | A client token.
createArchiveRule_clientToken :: Lens' CreateArchiveRule (Maybe Text)

-- | The name of the created analyzer.
createArchiveRule_analyzerName :: Lens' CreateArchiveRule Text

-- | The name of the rule to create.
createArchiveRule_ruleName :: Lens' CreateArchiveRule Text

-- | The criteria for the rule.
createArchiveRule_filter :: Lens' CreateArchiveRule (HashMap Text Criterion)

-- | <i>See:</i> <a>newCreateArchiveRuleResponse</a> smart constructor.
data CreateArchiveRuleResponse
CreateArchiveRuleResponse' :: CreateArchiveRuleResponse

-- | Create a value of <a>CreateArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newCreateArchiveRuleResponse :: CreateArchiveRuleResponse
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance GHC.Show.Show Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance GHC.Read.Read Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRuleResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRuleResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRuleResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRuleResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRuleResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.CreateArchiveRule.CreateArchiveRule


-- | Creates an analyzer for your account.
module Amazonka.AccessAnalyzer.CreateAnalyzer

-- | Creates an analyzer.
--   
--   <i>See:</i> <a>newCreateAnalyzer</a> smart constructor.
data CreateAnalyzer
CreateAnalyzer' :: Maybe [InlineArchiveRule] -> Maybe Text -> Maybe (HashMap Text Text) -> Text -> Type -> CreateAnalyzer

-- | Specifies the archive rules to add for the analyzer. Archive rules
--   automatically archive findings that meet the criteria you define for
--   the rule.
[$sel:archiveRules:CreateAnalyzer'] :: CreateAnalyzer -> Maybe [InlineArchiveRule]

-- | A client token.
[$sel:clientToken:CreateAnalyzer'] :: CreateAnalyzer -> Maybe Text

-- | The tags to apply to the analyzer.
[$sel:tags:CreateAnalyzer'] :: CreateAnalyzer -> Maybe (HashMap Text Text)

-- | The name of the analyzer to create.
[$sel:analyzerName:CreateAnalyzer'] :: CreateAnalyzer -> Text

-- | The type of analyzer to create. Only ACCOUNT and ORGANIZATION
--   analyzers are supported. You can create only one analyzer per account
--   per Region. You can create up to 5 analyzers per organization per
--   Region.
[$sel:type':CreateAnalyzer'] :: CreateAnalyzer -> Type

-- | Create a value of <a>CreateAnalyzer</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:archiveRules:CreateAnalyzer'</a>,
--   <a>createAnalyzer_archiveRules</a> - Specifies the archive rules to
--   add for the analyzer. Archive rules automatically archive findings
--   that meet the criteria you define for the rule.
--   
--   <a>$sel:clientToken:CreateAnalyzer'</a>,
--   <a>createAnalyzer_clientToken</a> - A client token.
--   
--   <a>CreateAnalyzer</a>, <a>createAnalyzer_tags</a> - The tags to apply
--   to the analyzer.
--   
--   <a>$sel:analyzerName:CreateAnalyzer'</a>,
--   <a>createAnalyzer_analyzerName</a> - The name of the analyzer to
--   create.
--   
--   <a>CreateAnalyzer</a>, <a>createAnalyzer_type</a> - The type of
--   analyzer to create. Only ACCOUNT and ORGANIZATION analyzers are
--   supported. You can create only one analyzer per account per Region.
--   You can create up to 5 analyzers per organization per Region.
newCreateAnalyzer :: Text -> Type -> CreateAnalyzer

-- | Specifies the archive rules to add for the analyzer. Archive rules
--   automatically archive findings that meet the criteria you define for
--   the rule.
createAnalyzer_archiveRules :: Lens' CreateAnalyzer (Maybe [InlineArchiveRule])

-- | A client token.
createAnalyzer_clientToken :: Lens' CreateAnalyzer (Maybe Text)

-- | The tags to apply to the analyzer.
createAnalyzer_tags :: Lens' CreateAnalyzer (Maybe (HashMap Text Text))

-- | The name of the analyzer to create.
createAnalyzer_analyzerName :: Lens' CreateAnalyzer Text

-- | The type of analyzer to create. Only ACCOUNT and ORGANIZATION
--   analyzers are supported. You can create only one analyzer per account
--   per Region. You can create up to 5 analyzers per organization per
--   Region.
createAnalyzer_type :: Lens' CreateAnalyzer Type

-- | The response to the request to create an analyzer.
--   
--   <i>See:</i> <a>newCreateAnalyzerResponse</a> smart constructor.
data CreateAnalyzerResponse
CreateAnalyzerResponse' :: Maybe Text -> Int -> CreateAnalyzerResponse

-- | The ARN of the analyzer that was created by the request.
[$sel:arn:CreateAnalyzerResponse'] :: CreateAnalyzerResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:CreateAnalyzerResponse'] :: CreateAnalyzerResponse -> Int

-- | Create a value of <a>CreateAnalyzerResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>CreateAnalyzerResponse</a>, <a>createAnalyzerResponse_arn</a> - The
--   ARN of the analyzer that was created by the request.
--   
--   <a>$sel:httpStatus:CreateAnalyzerResponse'</a>,
--   <a>createAnalyzerResponse_httpStatus</a> - The response's http status
--   code.
newCreateAnalyzerResponse :: Int -> CreateAnalyzerResponse

-- | The ARN of the analyzer that was created by the request.
createAnalyzerResponse_arn :: Lens' CreateAnalyzerResponse (Maybe Text)

-- | The response's http status code.
createAnalyzerResponse_httpStatus :: Lens' CreateAnalyzerResponse Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance GHC.Show.Show Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance GHC.Read.Read Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzerResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzerResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzerResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzerResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzerResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.CreateAnalyzer.CreateAnalyzer


-- | Creates an access preview that allows you to preview IAM Access
--   Analyzer findings for your resource before deploying resource
--   permissions.
module Amazonka.AccessAnalyzer.CreateAccessPreview

-- | <i>See:</i> <a>newCreateAccessPreview</a> smart constructor.
data CreateAccessPreview
CreateAccessPreview' :: Maybe Text -> Text -> HashMap Text Configuration -> CreateAccessPreview

-- | A client token.
[$sel:clientToken:CreateAccessPreview'] :: CreateAccessPreview -> Maybe Text

-- | The <a>ARN of the account analyzer</a> used to generate the access
--   preview. You can only create an access preview for analyzers with an
--   <tt>Account</tt> type and <tt>Active</tt> status.
[$sel:analyzerArn:CreateAccessPreview'] :: CreateAccessPreview -> Text

-- | Access control configuration for your resource that is used to
--   generate the access preview. The access preview includes findings for
--   external access allowed to the resource with the proposed access
--   control configuration. The configuration must contain exactly one
--   element.
[$sel:configurations:CreateAccessPreview'] :: CreateAccessPreview -> HashMap Text Configuration

-- | Create a value of <a>CreateAccessPreview</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:CreateAccessPreview'</a>,
--   <a>createAccessPreview_clientToken</a> - A client token.
--   
--   <a>CreateAccessPreview</a>, <a>createAccessPreview_analyzerArn</a> -
--   The <a>ARN of the account analyzer</a> used to generate the access
--   preview. You can only create an access preview for analyzers with an
--   <tt>Account</tt> type and <tt>Active</tt> status.
--   
--   <a>CreateAccessPreview</a>, <a>createAccessPreview_configurations</a>
--   - Access control configuration for your resource that is used to
--   generate the access preview. The access preview includes findings for
--   external access allowed to the resource with the proposed access
--   control configuration. The configuration must contain exactly one
--   element.
newCreateAccessPreview :: Text -> CreateAccessPreview

-- | A client token.
createAccessPreview_clientToken :: Lens' CreateAccessPreview (Maybe Text)

-- | The <a>ARN of the account analyzer</a> used to generate the access
--   preview. You can only create an access preview for analyzers with an
--   <tt>Account</tt> type and <tt>Active</tt> status.
createAccessPreview_analyzerArn :: Lens' CreateAccessPreview Text

-- | Access control configuration for your resource that is used to
--   generate the access preview. The access preview includes findings for
--   external access allowed to the resource with the proposed access
--   control configuration. The configuration must contain exactly one
--   element.
createAccessPreview_configurations :: Lens' CreateAccessPreview (HashMap Text Configuration)

-- | <i>See:</i> <a>newCreateAccessPreviewResponse</a> smart constructor.
data CreateAccessPreviewResponse
CreateAccessPreviewResponse' :: Int -> Text -> CreateAccessPreviewResponse

-- | The response's http status code.
[$sel:httpStatus:CreateAccessPreviewResponse'] :: CreateAccessPreviewResponse -> Int

-- | The unique ID for the access preview.
[$sel:id:CreateAccessPreviewResponse'] :: CreateAccessPreviewResponse -> Text

-- | Create a value of <a>CreateAccessPreviewResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:CreateAccessPreviewResponse'</a>,
--   <a>createAccessPreviewResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>CreateAccessPreviewResponse</a>,
--   <a>createAccessPreviewResponse_id</a> - The unique ID for the access
--   preview.
newCreateAccessPreviewResponse :: Int -> Text -> CreateAccessPreviewResponse

-- | The response's http status code.
createAccessPreviewResponse_httpStatus :: Lens' CreateAccessPreviewResponse Int

-- | The unique ID for the access preview.
createAccessPreviewResponse_id :: Lens' CreateAccessPreviewResponse Text
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance GHC.Show.Show Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance GHC.Read.Read Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreviewResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreviewResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreviewResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreviewResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreviewResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.CreateAccessPreview.CreateAccessPreview


-- | Cancels the requested policy generation.
module Amazonka.AccessAnalyzer.CancelPolicyGeneration

-- | <i>See:</i> <a>newCancelPolicyGeneration</a> smart constructor.
data CancelPolicyGeneration
CancelPolicyGeneration' :: Text -> CancelPolicyGeneration

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
[$sel:jobId:CancelPolicyGeneration'] :: CancelPolicyGeneration -> Text

-- | Create a value of <a>CancelPolicyGeneration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>CancelPolicyGeneration</a>, <a>cancelPolicyGeneration_jobId</a> -
--   The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
newCancelPolicyGeneration :: Text -> CancelPolicyGeneration

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
cancelPolicyGeneration_jobId :: Lens' CancelPolicyGeneration Text

-- | <i>See:</i> <a>newCancelPolicyGenerationResponse</a> smart
--   constructor.
data CancelPolicyGenerationResponse
CancelPolicyGenerationResponse' :: Int -> CancelPolicyGenerationResponse

-- | The response's http status code.
[$sel:httpStatus:CancelPolicyGenerationResponse'] :: CancelPolicyGenerationResponse -> Int

-- | Create a value of <a>CancelPolicyGenerationResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:CancelPolicyGenerationResponse'</a>,
--   <a>cancelPolicyGenerationResponse_httpStatus</a> - The response's http
--   status code.
newCancelPolicyGenerationResponse :: Int -> CancelPolicyGenerationResponse

-- | The response's http status code.
cancelPolicyGenerationResponse_httpStatus :: Lens' CancelPolicyGenerationResponse Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance GHC.Show.Show Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance GHC.Read.Read Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGenerationResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGenerationResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGenerationResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGenerationResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGenerationResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.CancelPolicyGeneration.CancelPolicyGeneration


-- | Retroactively applies the archive rule to existing findings that meet
--   the archive rule criteria.
module Amazonka.AccessAnalyzer.ApplyArchiveRule

-- | Retroactively applies an archive rule.
--   
--   <i>See:</i> <a>newApplyArchiveRule</a> smart constructor.
data ApplyArchiveRule
ApplyArchiveRule' :: Maybe Text -> Text -> Text -> ApplyArchiveRule

-- | A client token.
[$sel:clientToken:ApplyArchiveRule'] :: ApplyArchiveRule -> Maybe Text

-- | The Amazon resource name (ARN) of the analyzer.
[$sel:analyzerArn:ApplyArchiveRule'] :: ApplyArchiveRule -> Text

-- | The name of the rule to apply.
[$sel:ruleName:ApplyArchiveRule'] :: ApplyArchiveRule -> Text

-- | Create a value of <a>ApplyArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:ApplyArchiveRule'</a>,
--   <a>applyArchiveRule_clientToken</a> - A client token.
--   
--   <a>ApplyArchiveRule</a>, <a>applyArchiveRule_analyzerArn</a> - The
--   Amazon resource name (ARN) of the analyzer.
--   
--   <a>ApplyArchiveRule</a>, <a>applyArchiveRule_ruleName</a> - The name
--   of the rule to apply.
newApplyArchiveRule :: Text -> Text -> ApplyArchiveRule

-- | A client token.
applyArchiveRule_clientToken :: Lens' ApplyArchiveRule (Maybe Text)

-- | The Amazon resource name (ARN) of the analyzer.
applyArchiveRule_analyzerArn :: Lens' ApplyArchiveRule Text

-- | The name of the rule to apply.
applyArchiveRule_ruleName :: Lens' ApplyArchiveRule Text

-- | <i>See:</i> <a>newApplyArchiveRuleResponse</a> smart constructor.
data ApplyArchiveRuleResponse
ApplyArchiveRuleResponse' :: ApplyArchiveRuleResponse

-- | Create a value of <a>ApplyArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newApplyArchiveRuleResponse :: ApplyArchiveRuleResponse
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance GHC.Show.Show Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance GHC.Read.Read Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRuleResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRuleResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRuleResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRuleResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRuleResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ApplyArchiveRule.ApplyArchiveRule


-- | Removes a tag from the specified resource.
module Amazonka.AccessAnalyzer.UntagResource

-- | Removes a tag from the specified resource.
--   
--   <i>See:</i> <a>newUntagResource</a> smart constructor.
data UntagResource
UntagResource' :: Text -> [Text] -> UntagResource

-- | The ARN of the resource to remove the tag from.
[$sel:resourceArn:UntagResource'] :: UntagResource -> Text

-- | The key for the tag to add.
[$sel:tagKeys:UntagResource'] :: UntagResource -> [Text]

-- | Create a value of <a>UntagResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>UntagResource</a>, <a>untagResource_resourceArn</a> - The ARN of
--   the resource to remove the tag from.
--   
--   <a>$sel:tagKeys:UntagResource'</a>, <a>untagResource_tagKeys</a> - The
--   key for the tag to add.
newUntagResource :: Text -> UntagResource

-- | The ARN of the resource to remove the tag from.
untagResource_resourceArn :: Lens' UntagResource Text

-- | The key for the tag to add.
untagResource_tagKeys :: Lens' UntagResource [Text]

-- | The response to the request.
--   
--   <i>See:</i> <a>newUntagResourceResponse</a> smart constructor.
data UntagResourceResponse
UntagResourceResponse' :: Int -> UntagResourceResponse

-- | The response's http status code.
[$sel:httpStatus:UntagResourceResponse'] :: UntagResourceResponse -> Int

-- | Create a value of <a>UntagResourceResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:UntagResourceResponse'</a>,
--   <a>untagResourceResponse_httpStatus</a> - The response's http status
--   code.
newUntagResourceResponse :: Int -> UntagResourceResponse

-- | The response's http status code.
untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance GHC.Show.Show Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance GHC.Read.Read Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.UntagResource.UntagResourceResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.UntagResource.UntagResourceResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.UntagResource.UntagResourceResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.UntagResource.UntagResourceResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.UntagResource.UntagResourceResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.UntagResource.UntagResource
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.UntagResource.UntagResource


-- | Updates the criteria and values for the specified archive rule.
module Amazonka.AccessAnalyzer.UpdateArchiveRule

-- | Updates the specified archive rule.
--   
--   <i>See:</i> <a>newUpdateArchiveRule</a> smart constructor.
data UpdateArchiveRule
UpdateArchiveRule' :: Maybe Text -> Text -> Text -> HashMap Text Criterion -> UpdateArchiveRule

-- | A client token.
[$sel:clientToken:UpdateArchiveRule'] :: UpdateArchiveRule -> Maybe Text

-- | The name of the analyzer to update the archive rules for.
[$sel:analyzerName:UpdateArchiveRule'] :: UpdateArchiveRule -> Text

-- | The name of the rule to update.
[$sel:ruleName:UpdateArchiveRule'] :: UpdateArchiveRule -> Text

-- | A filter to match for the rules to update. Only rules that match the
--   filter are updated.
[$sel:filter':UpdateArchiveRule'] :: UpdateArchiveRule -> HashMap Text Criterion

-- | Create a value of <a>UpdateArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:UpdateArchiveRule'</a>,
--   <a>updateArchiveRule_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:UpdateArchiveRule'</a>,
--   <a>updateArchiveRule_analyzerName</a> - The name of the analyzer to
--   update the archive rules for.
--   
--   <a>UpdateArchiveRule</a>, <a>updateArchiveRule_ruleName</a> - The name
--   of the rule to update.
--   
--   <a>UpdateArchiveRule</a>, <a>updateArchiveRule_filter</a> - A filter
--   to match for the rules to update. Only rules that match the filter are
--   updated.
newUpdateArchiveRule :: Text -> Text -> UpdateArchiveRule

-- | A client token.
updateArchiveRule_clientToken :: Lens' UpdateArchiveRule (Maybe Text)

-- | The name of the analyzer to update the archive rules for.
updateArchiveRule_analyzerName :: Lens' UpdateArchiveRule Text

-- | The name of the rule to update.
updateArchiveRule_ruleName :: Lens' UpdateArchiveRule Text

-- | A filter to match for the rules to update. Only rules that match the
--   filter are updated.
updateArchiveRule_filter :: Lens' UpdateArchiveRule (HashMap Text Criterion)

-- | <i>See:</i> <a>newUpdateArchiveRuleResponse</a> smart constructor.
data UpdateArchiveRuleResponse
UpdateArchiveRuleResponse' :: UpdateArchiveRuleResponse

-- | Create a value of <a>UpdateArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newUpdateArchiveRuleResponse :: UpdateArchiveRuleResponse
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance GHC.Show.Show Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance GHC.Read.Read Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRuleResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRuleResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRuleResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRuleResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRuleResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.UpdateArchiveRule.UpdateArchiveRule


-- | Updates the status for the specified findings.
module Amazonka.AccessAnalyzer.UpdateFindings

-- | Updates findings with the new values provided in the request.
--   
--   <i>See:</i> <a>newUpdateFindings</a> smart constructor.
data UpdateFindings
UpdateFindings' :: Maybe Text -> Maybe [Text] -> Maybe Text -> Text -> FindingStatusUpdate -> UpdateFindings

-- | A client token.
[$sel:clientToken:UpdateFindings'] :: UpdateFindings -> Maybe Text

-- | The IDs of the findings to update.
[$sel:ids:UpdateFindings'] :: UpdateFindings -> Maybe [Text]

-- | The ARN of the resource identified in the finding.
[$sel:resourceArn:UpdateFindings'] :: UpdateFindings -> Maybe Text

-- | The <a>ARN of the analyzer</a> that generated the findings to update.
[$sel:analyzerArn:UpdateFindings'] :: UpdateFindings -> Text

-- | The state represents the action to take to update the finding Status.
--   Use <tt>ARCHIVE</tt> to change an Active finding to an Archived
--   finding. Use <tt>ACTIVE</tt> to change an Archived finding to an
--   Active finding.
[$sel:status:UpdateFindings'] :: UpdateFindings -> FindingStatusUpdate

-- | Create a value of <a>UpdateFindings</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:UpdateFindings'</a>,
--   <a>updateFindings_clientToken</a> - A client token.
--   
--   <a>$sel:ids:UpdateFindings'</a>, <a>updateFindings_ids</a> - The IDs
--   of the findings to update.
--   
--   <a>UpdateFindings</a>, <a>updateFindings_resourceArn</a> - The ARN of
--   the resource identified in the finding.
--   
--   <a>UpdateFindings</a>, <a>updateFindings_analyzerArn</a> - The <a>ARN
--   of the analyzer</a> that generated the findings to update.
--   
--   <a>UpdateFindings</a>, <a>updateFindings_status</a> - The state
--   represents the action to take to update the finding Status. Use
--   <tt>ARCHIVE</tt> to change an Active finding to an Archived finding.
--   Use <tt>ACTIVE</tt> to change an Archived finding to an Active
--   finding.
newUpdateFindings :: Text -> FindingStatusUpdate -> UpdateFindings

-- | A client token.
updateFindings_clientToken :: Lens' UpdateFindings (Maybe Text)

-- | The IDs of the findings to update.
updateFindings_ids :: Lens' UpdateFindings (Maybe [Text])

-- | The ARN of the resource identified in the finding.
updateFindings_resourceArn :: Lens' UpdateFindings (Maybe Text)

-- | The <a>ARN of the analyzer</a> that generated the findings to update.
updateFindings_analyzerArn :: Lens' UpdateFindings Text

-- | The state represents the action to take to update the finding Status.
--   Use <tt>ARCHIVE</tt> to change an Active finding to an Archived
--   finding. Use <tt>ACTIVE</tt> to change an Archived finding to an
--   Active finding.
updateFindings_status :: Lens' UpdateFindings FindingStatusUpdate

-- | <i>See:</i> <a>newUpdateFindingsResponse</a> smart constructor.
data UpdateFindingsResponse
UpdateFindingsResponse' :: UpdateFindingsResponse

-- | Create a value of <a>UpdateFindingsResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newUpdateFindingsResponse :: UpdateFindingsResponse
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance GHC.Show.Show Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance GHC.Read.Read Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindingsResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindingsResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindingsResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindingsResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindingsResponse
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.UpdateFindings.UpdateFindings


-- | Requests the validation of a policy and returns a list of findings.
--   The findings help you identify issues and provide actionable
--   recommendations to resolve the issue and enable you to author
--   functional policies that meet security best practices.
--   
--   This operation returns paginated results.
module Amazonka.AccessAnalyzer.ValidatePolicy

-- | <i>See:</i> <a>newValidatePolicy</a> smart constructor.
data ValidatePolicy
ValidatePolicy' :: Maybe Locale -> Maybe Int -> Maybe Text -> Maybe ValidatePolicyResourceType -> Text -> PolicyType -> ValidatePolicy

-- | The locale to use for localizing the findings.
[$sel:locale:ValidatePolicy'] :: ValidatePolicy -> Maybe Locale

-- | The maximum number of results to return in the response.
[$sel:maxResults:ValidatePolicy'] :: ValidatePolicy -> Maybe Int

-- | A token used for pagination of results returned.
[$sel:nextToken:ValidatePolicy'] :: ValidatePolicy -> Maybe Text

-- | The type of resource to attach to your resource policy. Specify a
--   value for the policy validation resource type only if the policy type
--   is <tt>RESOURCE_POLICY</tt>. For example, to validate a resource
--   policy to attach to an Amazon S3 bucket, you can choose
--   <tt>AWS::S3::Bucket</tt> for the policy validation resource type.
--   
--   For resource types not supported as valid values, IAM Access Analyzer
--   runs policy checks that apply to all resource policies. For example,
--   to validate a resource policy to attach to a KMS key, do not specify a
--   value for the policy validation resource type and IAM Access Analyzer
--   will run policy checks that apply to all resource policies.
[$sel:validatePolicyResourceType:ValidatePolicy'] :: ValidatePolicy -> Maybe ValidatePolicyResourceType

-- | The JSON policy document to use as the content for the policy.
[$sel:policyDocument:ValidatePolicy'] :: ValidatePolicy -> Text

-- | The type of policy to validate. Identity policies grant permissions to
--   IAM principals. Identity policies include managed and inline policies
--   for IAM roles, users, and groups. They also include service-control
--   policies (SCPs) that are attached to an Amazon Web Services
--   organization, organizational unit (OU), or an account.
--   
--   Resource policies grant permissions on Amazon Web Services resources.
--   Resource policies include trust policies for IAM roles and bucket
--   policies for Amazon S3 buckets. You can provide a generic input such
--   as identity policy or resource policy or a specific input such as
--   managed policy or Amazon S3 bucket policy.
[$sel:policyType:ValidatePolicy'] :: ValidatePolicy -> PolicyType

-- | Create a value of <a>ValidatePolicy</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:locale:ValidatePolicy'</a>, <a>validatePolicy_locale</a> - The
--   locale to use for localizing the findings.
--   
--   <a>$sel:maxResults:ValidatePolicy'</a>,
--   <a>validatePolicy_maxResults</a> - The maximum number of results to
--   return in the response.
--   
--   <a>ValidatePolicy</a>, <a>validatePolicy_nextToken</a> - A token used
--   for pagination of results returned.
--   
--   <a>$sel:validatePolicyResourceType:ValidatePolicy'</a>,
--   <a>validatePolicy_validatePolicyResourceType</a> - The type of
--   resource to attach to your resource policy. Specify a value for the
--   policy validation resource type only if the policy type is
--   <tt>RESOURCE_POLICY</tt>. For example, to validate a resource policy
--   to attach to an Amazon S3 bucket, you can choose
--   <tt>AWS::S3::Bucket</tt> for the policy validation resource type.
--   
--   For resource types not supported as valid values, IAM Access Analyzer
--   runs policy checks that apply to all resource policies. For example,
--   to validate a resource policy to attach to a KMS key, do not specify a
--   value for the policy validation resource type and IAM Access Analyzer
--   will run policy checks that apply to all resource policies.
--   
--   <a>$sel:policyDocument:ValidatePolicy'</a>,
--   <a>validatePolicy_policyDocument</a> - The JSON policy document to use
--   as the content for the policy.
--   
--   <a>$sel:policyType:ValidatePolicy'</a>,
--   <a>validatePolicy_policyType</a> - The type of policy to validate.
--   Identity policies grant permissions to IAM principals. Identity
--   policies include managed and inline policies for IAM roles, users, and
--   groups. They also include service-control policies (SCPs) that are
--   attached to an Amazon Web Services organization, organizational unit
--   (OU), or an account.
--   
--   Resource policies grant permissions on Amazon Web Services resources.
--   Resource policies include trust policies for IAM roles and bucket
--   policies for Amazon S3 buckets. You can provide a generic input such
--   as identity policy or resource policy or a specific input such as
--   managed policy or Amazon S3 bucket policy.
newValidatePolicy :: Text -> PolicyType -> ValidatePolicy

-- | The locale to use for localizing the findings.
validatePolicy_locale :: Lens' ValidatePolicy (Maybe Locale)

-- | The maximum number of results to return in the response.
validatePolicy_maxResults :: Lens' ValidatePolicy (Maybe Int)

-- | A token used for pagination of results returned.
validatePolicy_nextToken :: Lens' ValidatePolicy (Maybe Text)

-- | The type of resource to attach to your resource policy. Specify a
--   value for the policy validation resource type only if the policy type
--   is <tt>RESOURCE_POLICY</tt>. For example, to validate a resource
--   policy to attach to an Amazon S3 bucket, you can choose
--   <tt>AWS::S3::Bucket</tt> for the policy validation resource type.
--   
--   For resource types not supported as valid values, IAM Access Analyzer
--   runs policy checks that apply to all resource policies. For example,
--   to validate a resource policy to attach to a KMS key, do not specify a
--   value for the policy validation resource type and IAM Access Analyzer
--   will run policy checks that apply to all resource policies.
validatePolicy_validatePolicyResourceType :: Lens' ValidatePolicy (Maybe ValidatePolicyResourceType)

-- | The JSON policy document to use as the content for the policy.
validatePolicy_policyDocument :: Lens' ValidatePolicy Text

-- | The type of policy to validate. Identity policies grant permissions to
--   IAM principals. Identity policies include managed and inline policies
--   for IAM roles, users, and groups. They also include service-control
--   policies (SCPs) that are attached to an Amazon Web Services
--   organization, organizational unit (OU), or an account.
--   
--   Resource policies grant permissions on Amazon Web Services resources.
--   Resource policies include trust policies for IAM roles and bucket
--   policies for Amazon S3 buckets. You can provide a generic input such
--   as identity policy or resource policy or a specific input such as
--   managed policy or Amazon S3 bucket policy.
validatePolicy_policyType :: Lens' ValidatePolicy PolicyType

-- | <i>See:</i> <a>newValidatePolicyResponse</a> smart constructor.
data ValidatePolicyResponse
ValidatePolicyResponse' :: Maybe Text -> Int -> [ValidatePolicyFinding] -> ValidatePolicyResponse

-- | A token used for pagination of results returned.
[$sel:nextToken:ValidatePolicyResponse'] :: ValidatePolicyResponse -> Maybe Text

-- | The response's http status code.
[$sel:httpStatus:ValidatePolicyResponse'] :: ValidatePolicyResponse -> Int

-- | The list of findings in a policy returned by IAM Access Analyzer based
--   on its suite of policy checks.
[$sel:findings:ValidatePolicyResponse'] :: ValidatePolicyResponse -> [ValidatePolicyFinding]

-- | Create a value of <a>ValidatePolicyResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ValidatePolicy</a>, <a>validatePolicyResponse_nextToken</a> - A
--   token used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ValidatePolicyResponse'</a>,
--   <a>validatePolicyResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:findings:ValidatePolicyResponse'</a>,
--   <a>validatePolicyResponse_findings</a> - The list of findings in a
--   policy returned by IAM Access Analyzer based on its suite of policy
--   checks.
newValidatePolicyResponse :: Int -> ValidatePolicyResponse

-- | A token used for pagination of results returned.
validatePolicyResponse_nextToken :: Lens' ValidatePolicyResponse (Maybe Text)

-- | The response's http status code.
validatePolicyResponse_httpStatus :: Lens' ValidatePolicyResponse Int

-- | The list of findings in a policy returned by IAM Access Analyzer based
--   on its suite of policy checks.
validatePolicyResponse_findings :: Lens' ValidatePolicyResponse [ValidatePolicyFinding]
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance GHC.Show.Show Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance GHC.Read.Read Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance GHC.Generics.Generic Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicyResponse
instance GHC.Show.Show Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicyResponse
instance GHC.Read.Read Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicyResponse
instance GHC.Classes.Eq Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicyResponse
instance Amazonka.Types.AWSRequest Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicyResponse
instance Amazonka.Pager.AWSPager Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance Data.Hashable.Class.Hashable Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance Control.DeepSeq.NFData Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance Amazonka.Data.Headers.ToHeaders Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance Amazonka.Data.Path.ToPath Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy
instance Amazonka.Data.Query.ToQuery Amazonka.AccessAnalyzer.ValidatePolicy.ValidatePolicy


module Amazonka.AccessAnalyzer.Lens

-- | A client token.
applyArchiveRule_clientToken :: Lens' ApplyArchiveRule (Maybe Text)

-- | The Amazon resource name (ARN) of the analyzer.
applyArchiveRule_analyzerArn :: Lens' ApplyArchiveRule Text

-- | The name of the rule to apply.
applyArchiveRule_ruleName :: Lens' ApplyArchiveRule Text

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
cancelPolicyGeneration_jobId :: Lens' CancelPolicyGeneration Text

-- | The response's http status code.
cancelPolicyGenerationResponse_httpStatus :: Lens' CancelPolicyGenerationResponse Int

-- | A client token.
createAccessPreview_clientToken :: Lens' CreateAccessPreview (Maybe Text)

-- | The <a>ARN of the account analyzer</a> used to generate the access
--   preview. You can only create an access preview for analyzers with an
--   <tt>Account</tt> type and <tt>Active</tt> status.
createAccessPreview_analyzerArn :: Lens' CreateAccessPreview Text

-- | Access control configuration for your resource that is used to
--   generate the access preview. The access preview includes findings for
--   external access allowed to the resource with the proposed access
--   control configuration. The configuration must contain exactly one
--   element.
createAccessPreview_configurations :: Lens' CreateAccessPreview (HashMap Text Configuration)

-- | The response's http status code.
createAccessPreviewResponse_httpStatus :: Lens' CreateAccessPreviewResponse Int

-- | The unique ID for the access preview.
createAccessPreviewResponse_id :: Lens' CreateAccessPreviewResponse Text

-- | Specifies the archive rules to add for the analyzer. Archive rules
--   automatically archive findings that meet the criteria you define for
--   the rule.
createAnalyzer_archiveRules :: Lens' CreateAnalyzer (Maybe [InlineArchiveRule])

-- | A client token.
createAnalyzer_clientToken :: Lens' CreateAnalyzer (Maybe Text)

-- | The tags to apply to the analyzer.
createAnalyzer_tags :: Lens' CreateAnalyzer (Maybe (HashMap Text Text))

-- | The name of the analyzer to create.
createAnalyzer_analyzerName :: Lens' CreateAnalyzer Text

-- | The type of analyzer to create. Only ACCOUNT and ORGANIZATION
--   analyzers are supported. You can create only one analyzer per account
--   per Region. You can create up to 5 analyzers per organization per
--   Region.
createAnalyzer_type :: Lens' CreateAnalyzer Type

-- | The ARN of the analyzer that was created by the request.
createAnalyzerResponse_arn :: Lens' CreateAnalyzerResponse (Maybe Text)

-- | The response's http status code.
createAnalyzerResponse_httpStatus :: Lens' CreateAnalyzerResponse Int

-- | A client token.
createArchiveRule_clientToken :: Lens' CreateArchiveRule (Maybe Text)

-- | The name of the created analyzer.
createArchiveRule_analyzerName :: Lens' CreateArchiveRule Text

-- | The name of the rule to create.
createArchiveRule_ruleName :: Lens' CreateArchiveRule Text

-- | The criteria for the rule.
createArchiveRule_filter :: Lens' CreateArchiveRule (HashMap Text Criterion)

-- | A client token.
deleteAnalyzer_clientToken :: Lens' DeleteAnalyzer (Maybe Text)

-- | The name of the analyzer to delete.
deleteAnalyzer_analyzerName :: Lens' DeleteAnalyzer Text

-- | A client token.
deleteArchiveRule_clientToken :: Lens' DeleteArchiveRule (Maybe Text)

-- | The name of the analyzer that associated with the archive rule to
--   delete.
deleteArchiveRule_analyzerName :: Lens' DeleteArchiveRule Text

-- | The name of the rule to delete.
deleteArchiveRule_ruleName :: Lens' DeleteArchiveRule Text

-- | The unique ID for the access preview.
getAccessPreview_accessPreviewId :: Lens' GetAccessPreview Text

-- | The <a>ARN of the analyzer</a> used to generate the access preview.
getAccessPreview_analyzerArn :: Lens' GetAccessPreview Text

-- | The response's http status code.
getAccessPreviewResponse_httpStatus :: Lens' GetAccessPreviewResponse Int

-- | An object that contains information about the access preview.
getAccessPreviewResponse_accessPreview :: Lens' GetAccessPreviewResponse AccessPreview

-- | The <a>ARN of the analyzer</a> to retrieve information from.
getAnalyzedResource_analyzerArn :: Lens' GetAnalyzedResource Text

-- | The ARN of the resource to retrieve information about.
getAnalyzedResource_resourceArn :: Lens' GetAnalyzedResource Text

-- | An <tt>AnalyzedResource</tt> object that contains information that IAM
--   Access Analyzer found when it analyzed the resource.
getAnalyzedResourceResponse_resource :: Lens' GetAnalyzedResourceResponse (Maybe AnalyzedResource)

-- | The response's http status code.
getAnalyzedResourceResponse_httpStatus :: Lens' GetAnalyzedResourceResponse Int

-- | The name of the analyzer retrieved.
getAnalyzer_analyzerName :: Lens' GetAnalyzer Text

-- | The response's http status code.
getAnalyzerResponse_httpStatus :: Lens' GetAnalyzerResponse Int

-- | An <tt>AnalyzerSummary</tt> object that contains information about the
--   analyzer.
getAnalyzerResponse_analyzer :: Lens' GetAnalyzerResponse AnalyzerSummary

-- | The name of the analyzer to retrieve rules from.
getArchiveRule_analyzerName :: Lens' GetArchiveRule Text

-- | The name of the rule to retrieve.
getArchiveRule_ruleName :: Lens' GetArchiveRule Text

-- | The response's http status code.
getArchiveRuleResponse_httpStatus :: Lens' GetArchiveRuleResponse Int

-- | Undocumented member.
getArchiveRuleResponse_archiveRule :: Lens' GetArchiveRuleResponse ArchiveRuleSummary

-- | The <a>ARN of the analyzer</a> that generated the finding.
getFinding_analyzerArn :: Lens' GetFinding Text

-- | The ID of the finding to retrieve.
getFinding_id :: Lens' GetFinding Text

-- | A <tt>finding</tt> object that contains finding details.
getFindingResponse_finding :: Lens' GetFindingResponse (Maybe Finding)

-- | The response's http status code.
getFindingResponse_httpStatus :: Lens' GetFindingResponse Int

-- | The level of detail that you want to generate. You can specify whether
--   to generate policies with placeholders for resource ARNs for actions
--   that support resource level granularity in policies.
--   
--   For example, in the resource section of a policy, you can receive a
--   placeholder such as <tt>"Resource":"arn:aws:s3:::${BucketName}"</tt>
--   instead of <tt>"*"</tt>.
getGeneratedPolicy_includeResourcePlaceholders :: Lens' GetGeneratedPolicy (Maybe Bool)

-- | The level of detail that you want to generate. You can specify whether
--   to generate service-level policies.
--   
--   IAM Access Analyzer uses <tt>iam:servicelastaccessed</tt> to identify
--   services that have been used recently to create this service-level
--   template.
getGeneratedPolicy_includeServiceLevelTemplate :: Lens' GetGeneratedPolicy (Maybe Bool)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
getGeneratedPolicy_jobId :: Lens' GetGeneratedPolicy Text

-- | The response's http status code.
getGeneratedPolicyResponse_httpStatus :: Lens' GetGeneratedPolicyResponse Int

-- | A <tt>GeneratedPolicyDetails</tt> object that contains details about
--   the generated policy.
getGeneratedPolicyResponse_jobDetails :: Lens' GetGeneratedPolicyResponse JobDetails

-- | A <tt>GeneratedPolicyResult</tt> object that contains the generated
--   policies and associated details.
getGeneratedPolicyResponse_generatedPolicyResult :: Lens' GetGeneratedPolicyResponse GeneratedPolicyResult

-- | Criteria to filter the returned findings.
listAccessPreviewFindings_filter :: Lens' ListAccessPreviewFindings (Maybe (HashMap Text Criterion))

-- | The maximum number of results to return in the response.
listAccessPreviewFindings_maxResults :: Lens' ListAccessPreviewFindings (Maybe Int)

-- | A token used for pagination of results returned.
listAccessPreviewFindings_nextToken :: Lens' ListAccessPreviewFindings (Maybe Text)

-- | The unique ID for the access preview.
listAccessPreviewFindings_accessPreviewId :: Lens' ListAccessPreviewFindings Text

-- | The <a>ARN of the analyzer</a> used to generate the access.
listAccessPreviewFindings_analyzerArn :: Lens' ListAccessPreviewFindings Text

-- | A token used for pagination of results returned.
listAccessPreviewFindingsResponse_nextToken :: Lens' ListAccessPreviewFindingsResponse (Maybe Text)

-- | The response's http status code.
listAccessPreviewFindingsResponse_httpStatus :: Lens' ListAccessPreviewFindingsResponse Int

-- | A list of access preview findings that match the specified filter
--   criteria.
listAccessPreviewFindingsResponse_findings :: Lens' ListAccessPreviewFindingsResponse [AccessPreviewFinding]

-- | The maximum number of results to return in the response.
listAccessPreviews_maxResults :: Lens' ListAccessPreviews (Maybe Int)

-- | A token used for pagination of results returned.
listAccessPreviews_nextToken :: Lens' ListAccessPreviews (Maybe Text)

-- | The <a>ARN of the analyzer</a> used to generate the access preview.
listAccessPreviews_analyzerArn :: Lens' ListAccessPreviews Text

-- | A token used for pagination of results returned.
listAccessPreviewsResponse_nextToken :: Lens' ListAccessPreviewsResponse (Maybe Text)

-- | The response's http status code.
listAccessPreviewsResponse_httpStatus :: Lens' ListAccessPreviewsResponse Int

-- | A list of access previews retrieved for the analyzer.
listAccessPreviewsResponse_accessPreviews :: Lens' ListAccessPreviewsResponse [AccessPreviewSummary]

-- | The maximum number of results to return in the response.
listAnalyzedResources_maxResults :: Lens' ListAnalyzedResources (Maybe Int)

-- | A token used for pagination of results returned.
listAnalyzedResources_nextToken :: Lens' ListAnalyzedResources (Maybe Text)

-- | The type of resource.
listAnalyzedResources_resourceType :: Lens' ListAnalyzedResources (Maybe ResourceType)

-- | The <a>ARN of the analyzer</a> to retrieve a list of analyzed
--   resources from.
listAnalyzedResources_analyzerArn :: Lens' ListAnalyzedResources Text

-- | A token used for pagination of results returned.
listAnalyzedResourcesResponse_nextToken :: Lens' ListAnalyzedResourcesResponse (Maybe Text)

-- | The response's http status code.
listAnalyzedResourcesResponse_httpStatus :: Lens' ListAnalyzedResourcesResponse Int

-- | A list of resources that were analyzed.
listAnalyzedResourcesResponse_analyzedResources :: Lens' ListAnalyzedResourcesResponse [AnalyzedResourceSummary]

-- | The maximum number of results to return in the response.
listAnalyzers_maxResults :: Lens' ListAnalyzers (Maybe Int)

-- | A token used for pagination of results returned.
listAnalyzers_nextToken :: Lens' ListAnalyzers (Maybe Text)

-- | The type of analyzer.
listAnalyzers_type :: Lens' ListAnalyzers (Maybe Type)

-- | A token used for pagination of results returned.
listAnalyzersResponse_nextToken :: Lens' ListAnalyzersResponse (Maybe Text)

-- | The response's http status code.
listAnalyzersResponse_httpStatus :: Lens' ListAnalyzersResponse Int

-- | The analyzers retrieved.
listAnalyzersResponse_analyzers :: Lens' ListAnalyzersResponse [AnalyzerSummary]

-- | The maximum number of results to return in the request.
listArchiveRules_maxResults :: Lens' ListArchiveRules (Maybe Int)

-- | A token used for pagination of results returned.
listArchiveRules_nextToken :: Lens' ListArchiveRules (Maybe Text)

-- | The name of the analyzer to retrieve rules from.
listArchiveRules_analyzerName :: Lens' ListArchiveRules Text

-- | A token used for pagination of results returned.
listArchiveRulesResponse_nextToken :: Lens' ListArchiveRulesResponse (Maybe Text)

-- | The response's http status code.
listArchiveRulesResponse_httpStatus :: Lens' ListArchiveRulesResponse Int

-- | A list of archive rules created for the specified analyzer.
listArchiveRulesResponse_archiveRules :: Lens' ListArchiveRulesResponse [ArchiveRuleSummary]

-- | A filter to match for the findings to return.
listFindings_filter :: Lens' ListFindings (Maybe (HashMap Text Criterion))

-- | The maximum number of results to return in the response.
listFindings_maxResults :: Lens' ListFindings (Maybe Int)

-- | A token used for pagination of results returned.
listFindings_nextToken :: Lens' ListFindings (Maybe Text)

-- | The sort order for the findings returned.
listFindings_sort :: Lens' ListFindings (Maybe SortCriteria)

-- | The <a>ARN of the analyzer</a> to retrieve findings from.
listFindings_analyzerArn :: Lens' ListFindings Text

-- | A token used for pagination of results returned.
listFindingsResponse_nextToken :: Lens' ListFindingsResponse (Maybe Text)

-- | The response's http status code.
listFindingsResponse_httpStatus :: Lens' ListFindingsResponse Int

-- | A list of findings retrieved from the analyzer that match the filter
--   criteria specified, if any.
listFindingsResponse_findings :: Lens' ListFindingsResponse [FindingSummary]

-- | The maximum number of results to return in the response.
listPolicyGenerations_maxResults :: Lens' ListPolicyGenerations (Maybe Natural)

-- | A token used for pagination of results returned.
listPolicyGenerations_nextToken :: Lens' ListPolicyGenerations (Maybe Text)

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy. Use this with <tt>ListGeneratedPolicies</tt> to filter the
--   results to only include results for a specific principal.
listPolicyGenerations_principalArn :: Lens' ListPolicyGenerations (Maybe Text)

-- | A token used for pagination of results returned.
listPolicyGenerationsResponse_nextToken :: Lens' ListPolicyGenerationsResponse (Maybe Text)

-- | The response's http status code.
listPolicyGenerationsResponse_httpStatus :: Lens' ListPolicyGenerationsResponse Int

-- | A <tt>PolicyGeneration</tt> object that contains details about the
--   generated policy.
listPolicyGenerationsResponse_policyGenerations :: Lens' ListPolicyGenerationsResponse [PolicyGeneration]

-- | The ARN of the resource to retrieve tags from.
listTagsForResource_resourceArn :: Lens' ListTagsForResource Text

-- | The tags that are applied to the specified resource.
listTagsForResourceResponse_tags :: Lens' ListTagsForResourceResponse (Maybe (HashMap Text Text))

-- | The response's http status code.
listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int

-- | A unique, case-sensitive identifier that you provide to ensure the
--   idempotency of the request. Idempotency ensures that an API request
--   completes only once. With an idempotent request, if the original
--   request completes successfully, the subsequent retries with the same
--   client token return the result from the original successful request
--   and they have no additional effect.
--   
--   If you do not specify a client token, one is automatically generated
--   by the Amazon Web Services SDK.
startPolicyGeneration_clientToken :: Lens' StartPolicyGeneration (Maybe Text)

-- | A <tt>CloudTrailDetails</tt> object that contains details about a
--   <tt>Trail</tt> that you want to analyze to generate policies.
startPolicyGeneration_cloudTrailDetails :: Lens' StartPolicyGeneration (Maybe CloudTrailDetails)

-- | Contains the ARN of the IAM entity (user or role) for which you are
--   generating a policy.
startPolicyGeneration_policyGenerationDetails :: Lens' StartPolicyGeneration PolicyGenerationDetails

-- | The response's http status code.
startPolicyGenerationResponse_httpStatus :: Lens' StartPolicyGenerationResponse Int

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
startPolicyGenerationResponse_jobId :: Lens' StartPolicyGenerationResponse Text

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
startResourceScan_resourceOwnerAccount :: Lens' StartResourceScan (Maybe Text)

-- | The <a>ARN of the analyzer</a> to use to scan the policies applied to
--   the specified resource.
startResourceScan_analyzerArn :: Lens' StartResourceScan Text

-- | The ARN of the resource to scan.
startResourceScan_resourceArn :: Lens' StartResourceScan Text

-- | The ARN of the resource to add the tag to.
tagResource_resourceArn :: Lens' TagResource Text

-- | The tags to add to the resource.
tagResource_tags :: Lens' TagResource (HashMap Text Text)

-- | The response's http status code.
tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int

-- | The ARN of the resource to remove the tag from.
untagResource_resourceArn :: Lens' UntagResource Text

-- | The key for the tag to add.
untagResource_tagKeys :: Lens' UntagResource [Text]

-- | The response's http status code.
untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int

-- | A client token.
updateArchiveRule_clientToken :: Lens' UpdateArchiveRule (Maybe Text)

-- | The name of the analyzer to update the archive rules for.
updateArchiveRule_analyzerName :: Lens' UpdateArchiveRule Text

-- | The name of the rule to update.
updateArchiveRule_ruleName :: Lens' UpdateArchiveRule Text

-- | A filter to match for the rules to update. Only rules that match the
--   filter are updated.
updateArchiveRule_filter :: Lens' UpdateArchiveRule (HashMap Text Criterion)

-- | A client token.
updateFindings_clientToken :: Lens' UpdateFindings (Maybe Text)

-- | The IDs of the findings to update.
updateFindings_ids :: Lens' UpdateFindings (Maybe [Text])

-- | The ARN of the resource identified in the finding.
updateFindings_resourceArn :: Lens' UpdateFindings (Maybe Text)

-- | The <a>ARN of the analyzer</a> that generated the findings to update.
updateFindings_analyzerArn :: Lens' UpdateFindings Text

-- | The state represents the action to take to update the finding Status.
--   Use <tt>ARCHIVE</tt> to change an Active finding to an Archived
--   finding. Use <tt>ACTIVE</tt> to change an Archived finding to an
--   Active finding.
updateFindings_status :: Lens' UpdateFindings FindingStatusUpdate

-- | The locale to use for localizing the findings.
validatePolicy_locale :: Lens' ValidatePolicy (Maybe Locale)

-- | The maximum number of results to return in the response.
validatePolicy_maxResults :: Lens' ValidatePolicy (Maybe Int)

-- | A token used for pagination of results returned.
validatePolicy_nextToken :: Lens' ValidatePolicy (Maybe Text)

-- | The type of resource to attach to your resource policy. Specify a
--   value for the policy validation resource type only if the policy type
--   is <tt>RESOURCE_POLICY</tt>. For example, to validate a resource
--   policy to attach to an Amazon S3 bucket, you can choose
--   <tt>AWS::S3::Bucket</tt> for the policy validation resource type.
--   
--   For resource types not supported as valid values, IAM Access Analyzer
--   runs policy checks that apply to all resource policies. For example,
--   to validate a resource policy to attach to a KMS key, do not specify a
--   value for the policy validation resource type and IAM Access Analyzer
--   will run policy checks that apply to all resource policies.
validatePolicy_validatePolicyResourceType :: Lens' ValidatePolicy (Maybe ValidatePolicyResourceType)

-- | The JSON policy document to use as the content for the policy.
validatePolicy_policyDocument :: Lens' ValidatePolicy Text

-- | The type of policy to validate. Identity policies grant permissions to
--   IAM principals. Identity policies include managed and inline policies
--   for IAM roles, users, and groups. They also include service-control
--   policies (SCPs) that are attached to an Amazon Web Services
--   organization, organizational unit (OU), or an account.
--   
--   Resource policies grant permissions on Amazon Web Services resources.
--   Resource policies include trust policies for IAM roles and bucket
--   policies for Amazon S3 buckets. You can provide a generic input such
--   as identity policy or resource policy or a specific input such as
--   managed policy or Amazon S3 bucket policy.
validatePolicy_policyType :: Lens' ValidatePolicy PolicyType

-- | A token used for pagination of results returned.
validatePolicyResponse_nextToken :: Lens' ValidatePolicyResponse (Maybe Text)

-- | The response's http status code.
validatePolicyResponse_httpStatus :: Lens' ValidatePolicyResponse Int

-- | The list of findings in a policy returned by IAM Access Analyzer based
--   on its suite of policy checks.
validatePolicyResponse_findings :: Lens' ValidatePolicyResponse [ValidatePolicyFinding]

-- | Provides more details about the current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
accessPreview_statusReason :: Lens' AccessPreview (Maybe AccessPreviewStatusReason)

-- | The unique ID for the access preview.
accessPreview_id :: Lens' AccessPreview Text

-- | The ARN of the analyzer used to generate the access preview.
accessPreview_analyzerArn :: Lens' AccessPreview Text

-- | A map of resource ARNs for the proposed resource configuration.
accessPreview_configurations :: Lens' AccessPreview (HashMap Text Configuration)

-- | The time at which the access preview was created.
accessPreview_createdAt :: Lens' AccessPreview UTCTime

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
accessPreview_status :: Lens' AccessPreview AccessPreviewStatus

-- | The action in the analyzed policy statement that an external principal
--   has permission to perform.
accessPreviewFinding_action :: Lens' AccessPreviewFinding (Maybe [Text])

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
accessPreviewFinding_condition :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))

-- | An error.
accessPreviewFinding_error :: Lens' AccessPreviewFinding (Maybe Text)

-- | The existing ID of the finding in IAM Access Analyzer, provided only
--   for existing findings.
accessPreviewFinding_existingFindingId :: Lens' AccessPreviewFinding (Maybe Text)

-- | The existing status of the finding, provided only for existing
--   findings.
accessPreviewFinding_existingFindingStatus :: Lens' AccessPreviewFinding (Maybe FindingStatus)

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
accessPreviewFinding_isPublic :: Lens' AccessPreviewFinding (Maybe Bool)

-- | The external principal that has access to a resource within the zone
--   of trust.
accessPreviewFinding_principal :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))

-- | The resource that an external principal has access to. This is the
--   resource associated with the access preview.
accessPreviewFinding_resource :: Lens' AccessPreviewFinding (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
accessPreviewFinding_sources :: Lens' AccessPreviewFinding (Maybe [FindingSource])

-- | The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
accessPreviewFinding_id :: Lens' AccessPreviewFinding Text

-- | The type of the resource that can be accessed in the finding.
accessPreviewFinding_resourceType :: Lens' AccessPreviewFinding ResourceType

-- | The time at which the access preview finding was created.
accessPreviewFinding_createdAt :: Lens' AccessPreviewFinding UTCTime

-- | Provides context on how the access preview finding compares to
--   existing access identified in IAM Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
accessPreviewFinding_changeType :: Lens' AccessPreviewFinding FindingChangeType

-- | The preview status of the finding. This is what the status of the
--   finding would be after permissions deployment. For example, a
--   <tt>Changed</tt> finding with preview status <tt>Resolved</tt> and
--   existing status <tt>Active</tt> indicates the existing <tt>Active</tt>
--   finding would become <tt>Resolved</tt> as a result of the proposed
--   permissions change.
accessPreviewFinding_status :: Lens' AccessPreviewFinding FindingStatus

-- | The Amazon Web Services account ID that owns the resource. For most
--   Amazon Web Services resources, the owning account is the account in
--   which the resource was created.
accessPreviewFinding_resourceOwnerAccount :: Lens' AccessPreviewFinding Text

-- | The reason code for the current status of the access preview.
accessPreviewStatusReason_code :: Lens' AccessPreviewStatusReason AccessPreviewStatusReasonCode

-- | Undocumented member.
accessPreviewSummary_statusReason :: Lens' AccessPreviewSummary (Maybe AccessPreviewStatusReason)

-- | The unique ID for the access preview.
accessPreviewSummary_id :: Lens' AccessPreviewSummary Text

-- | The ARN of the analyzer used to generate the access preview.
accessPreviewSummary_analyzerArn :: Lens' AccessPreviewSummary Text

-- | The time at which the access preview was created.
accessPreviewSummary_createdAt :: Lens' AccessPreviewSummary UTCTime

-- | The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
accessPreviewSummary_status :: Lens' AccessPreviewSummary AccessPreviewStatus

-- | The value specified is the canonical user ID of an Amazon Web Services
--   account.
aclGrantee_id :: Lens' AclGrantee (Maybe Text)

-- | Used for granting permissions to a predefined group.
aclGrantee_uri :: Lens' AclGrantee (Maybe Text)

-- | The actions that an external principal is granted permission to use by
--   the policy that generated the finding.
analyzedResource_actions :: Lens' AnalyzedResource (Maybe [Text])

-- | An error message.
analyzedResource_error :: Lens' AnalyzedResource (Maybe Text)

-- | Indicates how the access that generated the finding is granted. This
--   is populated for Amazon S3 bucket findings.
analyzedResource_sharedVia :: Lens' AnalyzedResource (Maybe [Text])

-- | The current status of the finding generated from the analyzed
--   resource.
analyzedResource_status :: Lens' AnalyzedResource (Maybe FindingStatus)

-- | The ARN of the resource that was analyzed.
analyzedResource_resourceArn :: Lens' AnalyzedResource Text

-- | The type of the resource that was analyzed.
analyzedResource_resourceType :: Lens' AnalyzedResource ResourceType

-- | The time at which the finding was created.
analyzedResource_createdAt :: Lens' AnalyzedResource UTCTime

-- | The time at which the resource was analyzed.
analyzedResource_analyzedAt :: Lens' AnalyzedResource UTCTime

-- | The time at which the finding was updated.
analyzedResource_updatedAt :: Lens' AnalyzedResource UTCTime

-- | Indicates whether the policy that generated the finding grants public
--   access to the resource.
analyzedResource_isPublic :: Lens' AnalyzedResource Bool

-- | The Amazon Web Services account ID that owns the resource.
analyzedResource_resourceOwnerAccount :: Lens' AnalyzedResource Text

-- | The ARN of the analyzed resource.
analyzedResourceSummary_resourceArn :: Lens' AnalyzedResourceSummary Text

-- | The Amazon Web Services account ID that owns the resource.
analyzedResourceSummary_resourceOwnerAccount :: Lens' AnalyzedResourceSummary Text

-- | The type of resource that was analyzed.
analyzedResourceSummary_resourceType :: Lens' AnalyzedResourceSummary ResourceType

-- | The resource that was most recently analyzed by the analyzer.
analyzerSummary_lastResourceAnalyzed :: Lens' AnalyzerSummary (Maybe Text)

-- | The time at which the most recently analyzed resource was analyzed.
analyzerSummary_lastResourceAnalyzedAt :: Lens' AnalyzerSummary (Maybe UTCTime)

-- | The <tt>statusReason</tt> provides more details about the current
--   status of the analyzer. For example, if the creation for the analyzer
--   fails, a <tt>Failed</tt> status is returned. For an analyzer with
--   organization as the type, this failure can be due to an issue with
--   creating the service-linked roles required in the member accounts of
--   the Amazon Web Services organization.
analyzerSummary_statusReason :: Lens' AnalyzerSummary (Maybe StatusReason)

-- | The tags added to the analyzer.
analyzerSummary_tags :: Lens' AnalyzerSummary (Maybe (HashMap Text Text))

-- | The ARN of the analyzer.
analyzerSummary_arn :: Lens' AnalyzerSummary Text

-- | The name of the analyzer.
analyzerSummary_name :: Lens' AnalyzerSummary Text

-- | The type of analyzer, which corresponds to the zone of trust chosen
--   for the analyzer.
analyzerSummary_type :: Lens' AnalyzerSummary Type

-- | A timestamp for the time at which the analyzer was created.
analyzerSummary_createdAt :: Lens' AnalyzerSummary UTCTime

-- | The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
analyzerSummary_status :: Lens' AnalyzerSummary AnalyzerStatus

-- | The name of the archive rule.
archiveRuleSummary_ruleName :: Lens' ArchiveRuleSummary Text

-- | A filter used to define the archive rule.
archiveRuleSummary_filter :: Lens' ArchiveRuleSummary (HashMap Text Criterion)

-- | The time at which the archive rule was created.
archiveRuleSummary_createdAt :: Lens' ArchiveRuleSummary UTCTime

-- | The time at which the archive rule was last updated.
archiveRuleSummary_updatedAt :: Lens' ArchiveRuleSummary UTCTime

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
cloudTrailDetails_endTime :: Lens' CloudTrailDetails (Maybe UTCTime)

-- | A <tt>Trail</tt> object that contains settings for a trail.
cloudTrailDetails_trails :: Lens' CloudTrailDetails [Trail]

-- | The ARN of the service role that IAM Access Analyzer uses to access
--   your CloudTrail trail and service last accessed information.
cloudTrailDetails_accessRole :: Lens' CloudTrailDetails Text

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
cloudTrailDetails_startTime :: Lens' CloudTrailDetails UTCTime

-- | A <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
cloudTrailProperties_trailProperties :: Lens' CloudTrailProperties [TrailProperties]

-- | The start of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp before this time are not
--   considered to generate a policy.
cloudTrailProperties_startTime :: Lens' CloudTrailProperties UTCTime

-- | The end of the time range for which IAM Access Analyzer reviews your
--   CloudTrail events. Events with a timestamp after this time are not
--   considered to generate a policy. If this is not included in the
--   request, the default value is the current time.
cloudTrailProperties_endTime :: Lens' CloudTrailProperties UTCTime

-- | The access control configuration is for an Amazon EBS volume snapshot.
configuration_ebsSnapshot :: Lens' Configuration (Maybe EbsSnapshotConfiguration)

-- | The access control configuration is for an Amazon ECR repository.
configuration_ecrRepository :: Lens' Configuration (Maybe EcrRepositoryConfiguration)

-- | The access control configuration is for an Amazon EFS file system.
configuration_efsFileSystem :: Lens' Configuration (Maybe EfsFileSystemConfiguration)

-- | The access control configuration is for an IAM role.
configuration_iamRole :: Lens' Configuration (Maybe IamRoleConfiguration)

-- | The access control configuration is for a KMS key.
configuration_kmsKey :: Lens' Configuration (Maybe KmsKeyConfiguration)

-- | The access control configuration is for an Amazon RDS DB cluster
--   snapshot.
configuration_rdsDbClusterSnapshot :: Lens' Configuration (Maybe RdsDbClusterSnapshotConfiguration)

-- | The access control configuration is for an Amazon RDS DB snapshot.
configuration_rdsDbSnapshot :: Lens' Configuration (Maybe RdsDbSnapshotConfiguration)

-- | The access control configuration is for an Amazon S3 Bucket.
configuration_s3Bucket :: Lens' Configuration (Maybe S3BucketConfiguration)

-- | The access control configuration is for a Secrets Manager secret.
configuration_secretsManagerSecret :: Lens' Configuration (Maybe SecretsManagerSecretConfiguration)

-- | The access control configuration is for an Amazon SNS topic
configuration_snsTopic :: Lens' Configuration (Maybe SnsTopicConfiguration)

-- | The access control configuration is for an Amazon SQS queue.
configuration_sqsQueue :: Lens' Configuration (Maybe SqsQueueConfiguration)

-- | A "contains" operator to match for the filter used to create the rule.
criterion_contains :: Lens' Criterion (Maybe (NonEmpty Text))

-- | An "equals" operator to match for the filter used to create the rule.
criterion_eq :: Lens' Criterion (Maybe (NonEmpty Text))

-- | An "exists" operator to match for the filter used to create the rule.
criterion_exists :: Lens' Criterion (Maybe Bool)

-- | A "not equals" operator to match for the filter used to create the
--   rule.
criterion_neq :: Lens' Criterion (Maybe (NonEmpty Text))

-- | The groups that have access to the Amazon EBS volume snapshot. If the
--   value <tt>all</tt> is specified, then the Amazon EBS volume snapshot
--   is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
ebsSnapshotConfiguration_groups :: Lens' EbsSnapshotConfiguration (Maybe [Text])

-- | The KMS key identifier for an encrypted Amazon EBS volume snapshot.
--   The KMS key identifier is the key ARN, key ID, alias ARN, or alias
--   name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
ebsSnapshotConfiguration_kmsKeyId :: Lens' EbsSnapshotConfiguration (Maybe Text)

-- | The IDs of the Amazon Web Services accounts that have access to the
--   Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
ebsSnapshotConfiguration_userIds :: Lens' EbsSnapshotConfiguration (Maybe [Text])

-- | The JSON repository policy text to apply to the Amazon ECR repository.
--   For more information, see <a>Private repository policy examples</a> in
--   the <i>Amazon ECR User Guide</i>.
ecrRepositoryConfiguration_repositoryPolicy :: Lens' EcrRepositoryConfiguration (Maybe Text)

-- | The JSON policy definition to apply to the Amazon EFS file system. For
--   more information on the elements that make up a file system policy,
--   see <a>Amazon EFS Resource-based policies</a>.
efsFileSystemConfiguration_fileSystemPolicy :: Lens' EfsFileSystemConfiguration (Maybe Text)

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
finding_action :: Lens' Finding (Maybe [Text])

-- | An error.
finding_error :: Lens' Finding (Maybe Text)

-- | Indicates whether the policy that generated the finding allows public
--   access to the resource.
finding_isPublic :: Lens' Finding (Maybe Bool)

-- | The external principal that access to a resource within the zone of
--   trust.
finding_principal :: Lens' Finding (Maybe (HashMap Text Text))

-- | The resource that an external principal has access to.
finding_resource :: Lens' Finding (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
finding_sources :: Lens' Finding (Maybe [FindingSource])

-- | The ID of the finding.
finding_id :: Lens' Finding Text

-- | The type of the resource identified in the finding.
finding_resourceType :: Lens' Finding ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
finding_condition :: Lens' Finding (HashMap Text Text)

-- | The time at which the finding was generated.
finding_createdAt :: Lens' Finding UTCTime

-- | The time at which the resource was analyzed.
finding_analyzedAt :: Lens' Finding UTCTime

-- | The time at which the finding was updated.
finding_updatedAt :: Lens' Finding UTCTime

-- | The current status of the finding.
finding_status :: Lens' Finding FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
finding_resourceOwnerAccount :: Lens' Finding Text

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
findingSource_detail :: Lens' FindingSource (Maybe FindingSourceDetail)

-- | Indicates the type of access that generated the finding.
findingSource_type :: Lens' FindingSource FindingSourceType

-- | The account of the cross-account access point that generated the
--   finding.
findingSourceDetail_accessPointAccount :: Lens' FindingSourceDetail (Maybe Text)

-- | The ARN of the access point that generated the finding. The ARN format
--   depends on whether the ARN represents an access point or a
--   multi-region access point.
findingSourceDetail_accessPointArn :: Lens' FindingSourceDetail (Maybe Text)

-- | The action in the analyzed policy statement that an external principal
--   has permission to use.
findingSummary_action :: Lens' FindingSummary (Maybe [Text])

-- | The error that resulted in an Error finding.
findingSummary_error :: Lens' FindingSummary (Maybe Text)

-- | Indicates whether the finding reports a resource that has a policy
--   that allows public access.
findingSummary_isPublic :: Lens' FindingSummary (Maybe Bool)

-- | The external principal that has access to a resource within the zone
--   of trust.
findingSummary_principal :: Lens' FindingSummary (Maybe (HashMap Text Text))

-- | The resource that the external principal has access to.
findingSummary_resource :: Lens' FindingSummary (Maybe Text)

-- | The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
findingSummary_sources :: Lens' FindingSummary (Maybe [FindingSource])

-- | The ID of the finding.
findingSummary_id :: Lens' FindingSummary Text

-- | The type of the resource that the external principal has access to.
findingSummary_resourceType :: Lens' FindingSummary ResourceType

-- | The condition in the analyzed policy statement that resulted in a
--   finding.
findingSummary_condition :: Lens' FindingSummary (HashMap Text Text)

-- | The time at which the finding was created.
findingSummary_createdAt :: Lens' FindingSummary UTCTime

-- | The time at which the resource-based policy that generated the finding
--   was analyzed.
findingSummary_analyzedAt :: Lens' FindingSummary UTCTime

-- | The time at which the finding was most recently updated.
findingSummary_updatedAt :: Lens' FindingSummary UTCTime

-- | The status of the finding.
findingSummary_status :: Lens' FindingSummary FindingStatus

-- | The Amazon Web Services account ID that owns the resource.
findingSummary_resourceOwnerAccount :: Lens' FindingSummary Text

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
generatedPolicy_policy :: Lens' GeneratedPolicy Text

-- | Lists details about the <tt>Trail</tt> used to generated policy.
generatedPolicyProperties_cloudTrailProperties :: Lens' GeneratedPolicyProperties (Maybe CloudTrailProperties)

-- | This value is set to <tt>true</tt> if the generated policy contains
--   all possible actions for a service that IAM Access Analyzer identified
--   from the CloudTrail trail that you specified, and <tt>false</tt>
--   otherwise.
generatedPolicyProperties_isComplete :: Lens' GeneratedPolicyProperties (Maybe Bool)

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
generatedPolicyProperties_principalArn :: Lens' GeneratedPolicyProperties Text

-- | The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
generatedPolicyResult_generatedPolicies :: Lens' GeneratedPolicyResult (Maybe [GeneratedPolicy])

-- | A <tt>GeneratedPolicyProperties</tt> object that contains properties
--   of the generated policy.
generatedPolicyResult_properties :: Lens' GeneratedPolicyResult GeneratedPolicyProperties

-- | The proposed trust policy for the IAM role.
iamRoleConfiguration_trustPolicy :: Lens' IamRoleConfiguration (Maybe Text)

-- | The name of the rule.
inlineArchiveRule_ruleName :: Lens' InlineArchiveRule Text

-- | The condition and values for a criterion.
inlineArchiveRule_filter :: Lens' InlineArchiveRule (HashMap Text Criterion)

-- | A timestamp of when the job was completed.
jobDetails_completedOn :: Lens' JobDetails (Maybe UTCTime)

-- | The job error for the policy generation request.
jobDetails_jobError :: Lens' JobDetails (Maybe JobError)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
jobDetails_jobId :: Lens' JobDetails Text

-- | The status of the job request.
jobDetails_status :: Lens' JobDetails JobStatus

-- | A timestamp of when the job was started.
jobDetails_startedOn :: Lens' JobDetails UTCTime

-- | The job error code.
jobError_code :: Lens' JobError JobErrorCode

-- | Specific information about the error. For example, which service quota
--   was exceeded or which resource was not found.
jobError_message :: Lens' JobError Text

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>.
kmsGrantConfiguration_constraints :: Lens' KmsGrantConfiguration (Maybe KmsGrantConstraints)

-- | The principal that is given permission to retire the grant by using
--   <a>RetireGrant</a> operation.
kmsGrantConfiguration_retiringPrincipal :: Lens' KmsGrantConfiguration (Maybe Text)

-- | A list of operations that the grant permits.
kmsGrantConfiguration_operations :: Lens' KmsGrantConfiguration [KmsGrantOperation]

-- | The principal that is given permission to perform the operations that
--   the grant permits.
kmsGrantConfiguration_granteePrincipal :: Lens' KmsGrantConfiguration Text

-- | The Amazon Web Services account under which the grant was issued. The
--   account is used to propose KMS grants issued by accounts other than
--   the owner of the key.
kmsGrantConfiguration_issuingAccount :: Lens' KmsGrantConfiguration Text

-- | A list of key-value pairs that must match the encryption context in
--   the <a>cryptographic operation</a> request. The grant allows the
--   operation only when the encryption context in the request is the same
--   as the encryption context specified in this constraint.
kmsGrantConstraints_encryptionContextEquals :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))

-- | A list of key-value pairs that must be included in the encryption
--   context of the <a>cryptographic operation</a> request. The grant
--   allows the cryptographic operation only when the encryption context in
--   the request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
kmsGrantConstraints_encryptionContextSubset :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))

-- | A list of proposed grant configurations for the KMS key. If the
--   proposed grant configuration is for an existing key, the access
--   preview uses the proposed list of grant configurations in place of the
--   existing grants. Otherwise, the access preview uses the existing
--   grants for the key.
kmsKeyConfiguration_grants :: Lens' KmsKeyConfiguration (Maybe [KmsGrantConfiguration])

-- | Resource policy configuration for the KMS key. The only valid value
--   for the name of the key policy is <tt>default</tt>. For more
--   information, see <a>Default key policy</a>.
kmsKeyConfiguration_keyPolicies :: Lens' KmsKeyConfiguration (Maybe (HashMap Text Text))

-- | A path in a policy, represented as a sequence of path elements.
location_path :: Lens' Location [PathElement]

-- | A span in a policy.
location_span :: Lens' Location Span

-- | The configuration for the Amazon S3 access point or multi-region
--   access point with an <tt>Internet</tt> origin.
networkOriginConfiguration_internetConfiguration :: Lens' NetworkOriginConfiguration (Maybe InternetConfiguration)

-- | Undocumented member.
networkOriginConfiguration_vpcConfiguration :: Lens' NetworkOriginConfiguration (Maybe VpcConfiguration)

-- | Refers to an index in a JSON array.
pathElement_index :: Lens' PathElement (Maybe Int)

-- | Refers to a key in a JSON object.
pathElement_key :: Lens' PathElement (Maybe Text)

-- | Refers to a substring of a literal string in a JSON object.
pathElement_substring :: Lens' PathElement (Maybe Substring)

-- | Refers to the value associated with a given key in a JSON object.
pathElement_value :: Lens' PathElement (Maybe Text)

-- | A timestamp of when the policy generation was completed.
policyGeneration_completedOn :: Lens' PolicyGeneration (Maybe UTCTime)

-- | The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
policyGeneration_jobId :: Lens' PolicyGeneration Text

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
policyGeneration_principalArn :: Lens' PolicyGeneration Text

-- | The status of the policy generation request.
policyGeneration_status :: Lens' PolicyGeneration JobStatus

-- | A timestamp of when the policy generation started.
policyGeneration_startedOn :: Lens' PolicyGeneration UTCTime

-- | The ARN of the IAM entity (user or role) for which you are generating
--   a policy.
policyGenerationDetails_principalArn :: Lens' PolicyGenerationDetails Text

-- | The line of the position, starting from 1.
position_line :: Lens' Position Int

-- | The column of the position, starting from 0.
position_column :: Lens' Position Int

-- | The offset within the policy that corresponds to the position,
--   starting from 0.
position_offset :: Lens' Position Int

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB cluster snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon RDS DB cluster snapshot is public and can
--   be copied or restored by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
rdsDbClusterSnapshotAttributeValue_accountIds :: Lens' RdsDbClusterSnapshotAttributeValue (Maybe [Text])

-- | The names and values of manual DB cluster snapshot attributes. Manual
--   DB cluster snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB cluster snapshot. The only
--   valid value for <tt>AttributeName</tt> for the attribute map is
--   <tt>restore</tt>
rdsDbClusterSnapshotConfiguration_attributes :: Lens' RdsDbClusterSnapshotConfiguration (Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue))

-- | The KMS key identifier for an encrypted Amazon RDS DB cluster
--   snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or
--   alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
rdsDbClusterSnapshotConfiguration_kmsKeyId :: Lens' RdsDbClusterSnapshotConfiguration (Maybe Text)

-- | The Amazon Web Services account IDs that have access to the manual
--   Amazon RDS DB snapshot. If the value <tt>all</tt> is specified, then
--   the Amazon RDS DB snapshot is public and can be copied or restored by
--   all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
rdsDbSnapshotAttributeValue_accountIds :: Lens' RdsDbSnapshotAttributeValue (Maybe [Text])

-- | The names and values of manual DB snapshot attributes. Manual DB
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB snapshot. The only valid value for
--   <tt>attributeName</tt> for the attribute map is restore.
rdsDbSnapshotConfiguration_attributes :: Lens' RdsDbSnapshotConfiguration (Maybe (HashMap Text RdsDbSnapshotAttributeValue))

-- | The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
--   KMS key identifier is the key ARN, key ID, alias ARN, or alias name
--   for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
rdsDbSnapshotConfiguration_kmsKeyId :: Lens' RdsDbSnapshotConfiguration (Maybe Text)

-- | The access point or multi-region access point policy.
s3AccessPointConfiguration_accessPointPolicy :: Lens' S3AccessPointConfiguration (Maybe Text)

-- | The proposed <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply
--   to this Amazon S3 access point. <tt>VpcConfiguration</tt> does not
--   apply to multi-region access points. If the access preview is for a
--   new resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
s3AccessPointConfiguration_networkOrigin :: Lens' S3AccessPointConfiguration (Maybe NetworkOriginConfiguration)

-- | The proposed <tt>S3PublicAccessBlock</tt> configuration to apply to
--   this Amazon S3 access point or multi-region access point.
s3AccessPointConfiguration_publicAccessBlock :: Lens' S3AccessPointConfiguration (Maybe S3PublicAccessBlockConfiguration)

-- | The permissions being granted.
s3BucketAclGrantConfiguration_permission :: Lens' S3BucketAclGrantConfiguration AclPermission

-- | The grantee to whom you’re assigning access rights.
s3BucketAclGrantConfiguration_grantee :: Lens' S3BucketAclGrantConfiguration AclGrantee

-- | The configuration of Amazon S3 access points or multi-region access
--   points for the bucket. You can propose up to 10 new access points per
--   bucket.
s3BucketConfiguration_accessPoints :: Lens' S3BucketConfiguration (Maybe (HashMap Text S3AccessPointConfiguration))

-- | The proposed list of ACL grants for the Amazon S3 bucket. You can
--   propose up to 100 ACL grants per bucket. If the proposed grant
--   configuration is for an existing bucket, the access preview uses the
--   proposed list of grant configurations in place of the existing grants.
--   Otherwise, the access preview uses the existing grants for the bucket.
s3BucketConfiguration_bucketAclGrants :: Lens' S3BucketConfiguration (Maybe [S3BucketAclGrantConfiguration])

-- | The proposed bucket policy for the Amazon S3 bucket.
s3BucketConfiguration_bucketPolicy :: Lens' S3BucketConfiguration (Maybe Text)

-- | The proposed block public access configuration for the Amazon S3
--   bucket.
s3BucketConfiguration_bucketPublicAccessBlock :: Lens' S3BucketConfiguration (Maybe S3PublicAccessBlockConfiguration)

-- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
--   and objects in this bucket.
s3PublicAccessBlockConfiguration_ignorePublicAcls :: Lens' S3PublicAccessBlockConfiguration Bool

-- | Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
s3PublicAccessBlockConfiguration_restrictPublicBuckets :: Lens' S3PublicAccessBlockConfiguration Bool

-- | The proposed ARN, key ID, or alias of the KMS key.
secretsManagerSecretConfiguration_kmsKeyId :: Lens' SecretsManagerSecretConfiguration (Maybe Text)

-- | The proposed resource policy defining who can access or manage the
--   secret.
secretsManagerSecretConfiguration_secretPolicy :: Lens' SecretsManagerSecretConfiguration (Maybe Text)

-- | The JSON policy text that defines who can access an Amazon SNS topic.
--   For more information, see <a>Example cases for Amazon SNS access
--   control</a> in the <i>Amazon SNS Developer Guide</i>.
snsTopicConfiguration_topicPolicy :: Lens' SnsTopicConfiguration (Maybe Text)

-- | The name of the attribute to sort on.
sortCriteria_attributeName :: Lens' SortCriteria (Maybe Text)

-- | The sort order, ascending or descending.
sortCriteria_orderBy :: Lens' SortCriteria (Maybe OrderBy)

-- | The start position of the span (inclusive).
span_start :: Lens' Span Position

-- | The end position of the span (exclusive).
span_end :: Lens' Span Position

-- | The proposed resource policy for the Amazon SQS queue.
sqsQueueConfiguration_queuePolicy :: Lens' SqsQueueConfiguration (Maybe Text)

-- | The reason code for the current status of the analyzer.
statusReason_code :: Lens' StatusReason ReasonCode

-- | The start index of the substring, starting from 0.
substring_start :: Lens' Substring Int

-- | The length of the substring.
substring_length :: Lens' Substring Int

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
trail_allRegions :: Lens' Trail (Maybe Bool)

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
trail_regions :: Lens' Trail (Maybe [Text])

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
trail_cloudTrailArn :: Lens' Trail Text

-- | Possible values are <tt>true</tt> or <tt>false</tt>. If set to
--   <tt>true</tt>, IAM Access Analyzer retrieves CloudTrail data from all
--   regions to analyze and generate a policy.
trailProperties_allRegions :: Lens' TrailProperties (Maybe Bool)

-- | A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
trailProperties_regions :: Lens' TrailProperties (Maybe [Text])

-- | Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
trailProperties_cloudTrailArn :: Lens' TrailProperties Text

-- | A localized message that explains the finding and provides guidance on
--   how to address it.
validatePolicyFinding_findingDetails :: Lens' ValidatePolicyFinding Text

-- | The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
validatePolicyFinding_findingType :: Lens' ValidatePolicyFinding ValidatePolicyFindingType

-- | The issue code provides an identifier of the issue associated with
--   this finding.
validatePolicyFinding_issueCode :: Lens' ValidatePolicyFinding Text

-- | A link to additional documentation about the type of finding.
validatePolicyFinding_learnMoreLink :: Lens' ValidatePolicyFinding Text

-- | The list of locations in the policy document that are related to the
--   finding. The issue code provides a summary of an issue identified by
--   the finding.
validatePolicyFinding_locations :: Lens' ValidatePolicyFinding [Location]

-- | If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
vpcConfiguration_vpcId :: Lens' VpcConfiguration Text


module Amazonka.AccessAnalyzer.Waiters


-- | Derived from API version <tt>2019-11-01</tt> of the AWS service
--   descriptions, licensed under Apache 2.0.
--   
--   Identity and Access Management Access Analyzer helps identify
--   potential resource-access risks by enabling you to identify any
--   policies that grant access to an external principal. It does this by
--   using logic-based reasoning to analyze resource-based policies in your
--   Amazon Web Services environment. An external principal can be another
--   Amazon Web Services account, a root user, an IAM user or role, a
--   federated user, an Amazon Web Services service, or an anonymous user.
--   You can also use IAM Access Analyzer to preview and validate public
--   and cross-account access to your resources before deploying
--   permissions changes. This guide describes the Identity and Access
--   Management Access Analyzer operations that you can call
--   programmatically. For general information about IAM Access Analyzer,
--   see <a>Identity and Access Management Access Analyzer</a> in the
--   <b>IAM User Guide</b>.
--   
--   To start using IAM Access Analyzer, you first need to create an
--   analyzer.
module Amazonka.AccessAnalyzer

-- | API version <tt>2019-11-01</tt> of the Amazon Access Analyzer SDK
--   configuration.
defaultService :: Service

-- | You do not have sufficient access to perform this action.
_AccessDeniedException :: AsError a => Fold a ServiceError

-- | A conflict exception error.
_ConflictException :: AsError a => Fold a ServiceError

-- | Internal server error.
_InternalServerException :: AsError a => Fold a ServiceError

-- | The specified resource could not be found.
_ResourceNotFoundException :: AsError a => Fold a ServiceError

-- | Service quote met error.
_ServiceQuotaExceededException :: AsError a => Fold a ServiceError

-- | Throttling limit exceeded error.
_ThrottlingException :: AsError a => Fold a ServiceError

-- | Validation exception error.
_ValidationException :: AsError a => Fold a ServiceError

-- | Retroactively applies an archive rule.
--   
--   <i>See:</i> <a>newApplyArchiveRule</a> smart constructor.
data ApplyArchiveRule
ApplyArchiveRule' :: Maybe Text -> Text -> Text -> ApplyArchiveRule

-- | Create a value of <a>ApplyArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:ApplyArchiveRule'</a>,
--   <a>applyArchiveRule_clientToken</a> - A client token.
--   
--   <a>ApplyArchiveRule</a>, <a>applyArchiveRule_analyzerArn</a> - The
--   Amazon resource name (ARN) of the analyzer.
--   
--   <a>ApplyArchiveRule</a>, <a>applyArchiveRule_ruleName</a> - The name
--   of the rule to apply.
newApplyArchiveRule :: Text -> Text -> ApplyArchiveRule

-- | <i>See:</i> <a>newApplyArchiveRuleResponse</a> smart constructor.
data ApplyArchiveRuleResponse
ApplyArchiveRuleResponse' :: ApplyArchiveRuleResponse

-- | Create a value of <a>ApplyArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newApplyArchiveRuleResponse :: ApplyArchiveRuleResponse

-- | <i>See:</i> <a>newCancelPolicyGeneration</a> smart constructor.
data CancelPolicyGeneration
CancelPolicyGeneration' :: Text -> CancelPolicyGeneration

-- | Create a value of <a>CancelPolicyGeneration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>CancelPolicyGeneration</a>, <a>cancelPolicyGeneration_jobId</a> -
--   The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
newCancelPolicyGeneration :: Text -> CancelPolicyGeneration

-- | <i>See:</i> <a>newCancelPolicyGenerationResponse</a> smart
--   constructor.
data CancelPolicyGenerationResponse
CancelPolicyGenerationResponse' :: Int -> CancelPolicyGenerationResponse

-- | Create a value of <a>CancelPolicyGenerationResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:CancelPolicyGenerationResponse'</a>,
--   <a>cancelPolicyGenerationResponse_httpStatus</a> - The response's http
--   status code.
newCancelPolicyGenerationResponse :: Int -> CancelPolicyGenerationResponse

-- | <i>See:</i> <a>newCreateAccessPreview</a> smart constructor.
data CreateAccessPreview
CreateAccessPreview' :: Maybe Text -> Text -> HashMap Text Configuration -> CreateAccessPreview

-- | Create a value of <a>CreateAccessPreview</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:CreateAccessPreview'</a>,
--   <a>createAccessPreview_clientToken</a> - A client token.
--   
--   <a>CreateAccessPreview</a>, <a>createAccessPreview_analyzerArn</a> -
--   The <a>ARN of the account analyzer</a> used to generate the access
--   preview. You can only create an access preview for analyzers with an
--   <tt>Account</tt> type and <tt>Active</tt> status.
--   
--   <a>CreateAccessPreview</a>, <a>createAccessPreview_configurations</a>
--   - Access control configuration for your resource that is used to
--   generate the access preview. The access preview includes findings for
--   external access allowed to the resource with the proposed access
--   control configuration. The configuration must contain exactly one
--   element.
newCreateAccessPreview :: Text -> CreateAccessPreview

-- | <i>See:</i> <a>newCreateAccessPreviewResponse</a> smart constructor.
data CreateAccessPreviewResponse
CreateAccessPreviewResponse' :: Int -> Text -> CreateAccessPreviewResponse

-- | Create a value of <a>CreateAccessPreviewResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:CreateAccessPreviewResponse'</a>,
--   <a>createAccessPreviewResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>CreateAccessPreviewResponse</a>,
--   <a>createAccessPreviewResponse_id</a> - The unique ID for the access
--   preview.
newCreateAccessPreviewResponse :: Int -> Text -> CreateAccessPreviewResponse

-- | Creates an analyzer.
--   
--   <i>See:</i> <a>newCreateAnalyzer</a> smart constructor.
data CreateAnalyzer
CreateAnalyzer' :: Maybe [InlineArchiveRule] -> Maybe Text -> Maybe (HashMap Text Text) -> Text -> Type -> CreateAnalyzer

-- | Create a value of <a>CreateAnalyzer</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:archiveRules:CreateAnalyzer'</a>,
--   <a>createAnalyzer_archiveRules</a> - Specifies the archive rules to
--   add for the analyzer. Archive rules automatically archive findings
--   that meet the criteria you define for the rule.
--   
--   <a>$sel:clientToken:CreateAnalyzer'</a>,
--   <a>createAnalyzer_clientToken</a> - A client token.
--   
--   <a>CreateAnalyzer</a>, <a>createAnalyzer_tags</a> - The tags to apply
--   to the analyzer.
--   
--   <a>$sel:analyzerName:CreateAnalyzer'</a>,
--   <a>createAnalyzer_analyzerName</a> - The name of the analyzer to
--   create.
--   
--   <a>CreateAnalyzer</a>, <a>createAnalyzer_type</a> - The type of
--   analyzer to create. Only ACCOUNT and ORGANIZATION analyzers are
--   supported. You can create only one analyzer per account per Region.
--   You can create up to 5 analyzers per organization per Region.
newCreateAnalyzer :: Text -> Type -> CreateAnalyzer

-- | The response to the request to create an analyzer.
--   
--   <i>See:</i> <a>newCreateAnalyzerResponse</a> smart constructor.
data CreateAnalyzerResponse
CreateAnalyzerResponse' :: Maybe Text -> Int -> CreateAnalyzerResponse

-- | Create a value of <a>CreateAnalyzerResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>CreateAnalyzerResponse</a>, <a>createAnalyzerResponse_arn</a> - The
--   ARN of the analyzer that was created by the request.
--   
--   <a>$sel:httpStatus:CreateAnalyzerResponse'</a>,
--   <a>createAnalyzerResponse_httpStatus</a> - The response's http status
--   code.
newCreateAnalyzerResponse :: Int -> CreateAnalyzerResponse

-- | Creates an archive rule.
--   
--   <i>See:</i> <a>newCreateArchiveRule</a> smart constructor.
data CreateArchiveRule
CreateArchiveRule' :: Maybe Text -> Text -> Text -> HashMap Text Criterion -> CreateArchiveRule

-- | Create a value of <a>CreateArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:CreateArchiveRule'</a>,
--   <a>createArchiveRule_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:CreateArchiveRule'</a>,
--   <a>createArchiveRule_analyzerName</a> - The name of the created
--   analyzer.
--   
--   <a>CreateArchiveRule</a>, <a>createArchiveRule_ruleName</a> - The name
--   of the rule to create.
--   
--   <a>CreateArchiveRule</a>, <a>createArchiveRule_filter</a> - The
--   criteria for the rule.
newCreateArchiveRule :: Text -> Text -> CreateArchiveRule

-- | <i>See:</i> <a>newCreateArchiveRuleResponse</a> smart constructor.
data CreateArchiveRuleResponse
CreateArchiveRuleResponse' :: CreateArchiveRuleResponse

-- | Create a value of <a>CreateArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newCreateArchiveRuleResponse :: CreateArchiveRuleResponse

-- | Deletes an analyzer.
--   
--   <i>See:</i> <a>newDeleteAnalyzer</a> smart constructor.
data DeleteAnalyzer
DeleteAnalyzer' :: Maybe Text -> Text -> DeleteAnalyzer

-- | Create a value of <a>DeleteAnalyzer</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:DeleteAnalyzer'</a>,
--   <a>deleteAnalyzer_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:DeleteAnalyzer'</a>,
--   <a>deleteAnalyzer_analyzerName</a> - The name of the analyzer to
--   delete.
newDeleteAnalyzer :: Text -> DeleteAnalyzer

-- | <i>See:</i> <a>newDeleteAnalyzerResponse</a> smart constructor.
data DeleteAnalyzerResponse
DeleteAnalyzerResponse' :: DeleteAnalyzerResponse

-- | Create a value of <a>DeleteAnalyzerResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newDeleteAnalyzerResponse :: DeleteAnalyzerResponse

-- | Deletes an archive rule.
--   
--   <i>See:</i> <a>newDeleteArchiveRule</a> smart constructor.
data DeleteArchiveRule
DeleteArchiveRule' :: Maybe Text -> Text -> Text -> DeleteArchiveRule

-- | Create a value of <a>DeleteArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:DeleteArchiveRule'</a>,
--   <a>deleteArchiveRule_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:DeleteArchiveRule'</a>,
--   <a>deleteArchiveRule_analyzerName</a> - The name of the analyzer that
--   associated with the archive rule to delete.
--   
--   <a>DeleteArchiveRule</a>, <a>deleteArchiveRule_ruleName</a> - The name
--   of the rule to delete.
newDeleteArchiveRule :: Text -> Text -> DeleteArchiveRule

-- | <i>See:</i> <a>newDeleteArchiveRuleResponse</a> smart constructor.
data DeleteArchiveRuleResponse
DeleteArchiveRuleResponse' :: DeleteArchiveRuleResponse

-- | Create a value of <a>DeleteArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newDeleteArchiveRuleResponse :: DeleteArchiveRuleResponse

-- | <i>See:</i> <a>newGetAccessPreview</a> smart constructor.
data GetAccessPreview
GetAccessPreview' :: Text -> Text -> GetAccessPreview

-- | Create a value of <a>GetAccessPreview</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPreviewId:GetAccessPreview'</a>,
--   <a>getAccessPreview_accessPreviewId</a> - The unique ID for the access
--   preview.
--   
--   <a>GetAccessPreview</a>, <a>getAccessPreview_analyzerArn</a> - The
--   <a>ARN of the analyzer</a> used to generate the access preview.
newGetAccessPreview :: Text -> Text -> GetAccessPreview

-- | <i>See:</i> <a>newGetAccessPreviewResponse</a> smart constructor.
data GetAccessPreviewResponse
GetAccessPreviewResponse' :: Int -> AccessPreview -> GetAccessPreviewResponse

-- | Create a value of <a>GetAccessPreviewResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetAccessPreviewResponse'</a>,
--   <a>getAccessPreviewResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:accessPreview:GetAccessPreviewResponse'</a>,
--   <a>getAccessPreviewResponse_accessPreview</a> - An object that
--   contains information about the access preview.
newGetAccessPreviewResponse :: Int -> AccessPreview -> GetAccessPreviewResponse

-- | Retrieves an analyzed resource.
--   
--   <i>See:</i> <a>newGetAnalyzedResource</a> smart constructor.
data GetAnalyzedResource
GetAnalyzedResource' :: Text -> Text -> GetAnalyzedResource

-- | Create a value of <a>GetAnalyzedResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>GetAnalyzedResource</a>, <a>getAnalyzedResource_analyzerArn</a> -
--   The <a>ARN of the analyzer</a> to retrieve information from.
--   
--   <a>GetAnalyzedResource</a>, <a>getAnalyzedResource_resourceArn</a> -
--   The ARN of the resource to retrieve information about.
newGetAnalyzedResource :: Text -> Text -> GetAnalyzedResource

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetAnalyzedResourceResponse</a> smart constructor.
data GetAnalyzedResourceResponse
GetAnalyzedResourceResponse' :: Maybe AnalyzedResource -> Int -> GetAnalyzedResourceResponse

-- | Create a value of <a>GetAnalyzedResourceResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>GetAnalyzedResourceResponse</a>,
--   <a>getAnalyzedResourceResponse_resource</a> - An
--   <tt>AnalyzedResource</tt> object that contains information that IAM
--   Access Analyzer found when it analyzed the resource.
--   
--   <a>$sel:httpStatus:GetAnalyzedResourceResponse'</a>,
--   <a>getAnalyzedResourceResponse_httpStatus</a> - The response's http
--   status code.
newGetAnalyzedResourceResponse :: Int -> GetAnalyzedResourceResponse

-- | Retrieves an analyzer.
--   
--   <i>See:</i> <a>newGetAnalyzer</a> smart constructor.
data GetAnalyzer
GetAnalyzer' :: Text -> GetAnalyzer

-- | Create a value of <a>GetAnalyzer</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:analyzerName:GetAnalyzer'</a>, <a>getAnalyzer_analyzerName</a>
--   - The name of the analyzer retrieved.
newGetAnalyzer :: Text -> GetAnalyzer

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetAnalyzerResponse</a> smart constructor.
data GetAnalyzerResponse
GetAnalyzerResponse' :: Int -> AnalyzerSummary -> GetAnalyzerResponse

-- | Create a value of <a>GetAnalyzerResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetAnalyzerResponse'</a>,
--   <a>getAnalyzerResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:analyzer:GetAnalyzerResponse'</a>,
--   <a>getAnalyzerResponse_analyzer</a> - An <tt>AnalyzerSummary</tt>
--   object that contains information about the analyzer.
newGetAnalyzerResponse :: Int -> AnalyzerSummary -> GetAnalyzerResponse

-- | Retrieves an archive rule.
--   
--   <i>See:</i> <a>newGetArchiveRule</a> smart constructor.
data GetArchiveRule
GetArchiveRule' :: Text -> Text -> GetArchiveRule

-- | Create a value of <a>GetArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:analyzerName:GetArchiveRule'</a>,
--   <a>getArchiveRule_analyzerName</a> - The name of the analyzer to
--   retrieve rules from.
--   
--   <a>GetArchiveRule</a>, <a>getArchiveRule_ruleName</a> - The name of
--   the rule to retrieve.
newGetArchiveRule :: Text -> Text -> GetArchiveRule

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetArchiveRuleResponse</a> smart constructor.
data GetArchiveRuleResponse
GetArchiveRuleResponse' :: Int -> ArchiveRuleSummary -> GetArchiveRuleResponse

-- | Create a value of <a>GetArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetArchiveRuleResponse'</a>,
--   <a>getArchiveRuleResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:archiveRule:GetArchiveRuleResponse'</a>,
--   <a>getArchiveRuleResponse_archiveRule</a> - Undocumented member.
newGetArchiveRuleResponse :: Int -> ArchiveRuleSummary -> GetArchiveRuleResponse

-- | Retrieves a finding.
--   
--   <i>See:</i> <a>newGetFinding</a> smart constructor.
data GetFinding
GetFinding' :: Text -> Text -> GetFinding

-- | Create a value of <a>GetFinding</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>GetFinding</a>, <a>getFinding_analyzerArn</a> - The <a>ARN of the
--   analyzer</a> that generated the finding.
--   
--   <a>GetFinding</a>, <a>getFinding_id</a> - The ID of the finding to
--   retrieve.
newGetFinding :: Text -> Text -> GetFinding

-- | The response to the request.
--   
--   <i>See:</i> <a>newGetFindingResponse</a> smart constructor.
data GetFindingResponse
GetFindingResponse' :: Maybe Finding -> Int -> GetFindingResponse

-- | Create a value of <a>GetFindingResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:finding:GetFindingResponse'</a>,
--   <a>getFindingResponse_finding</a> - A <tt>finding</tt> object that
--   contains finding details.
--   
--   <a>$sel:httpStatus:GetFindingResponse'</a>,
--   <a>getFindingResponse_httpStatus</a> - The response's http status
--   code.
newGetFindingResponse :: Int -> GetFindingResponse

-- | <i>See:</i> <a>newGetGeneratedPolicy</a> smart constructor.
data GetGeneratedPolicy
GetGeneratedPolicy' :: Maybe Bool -> Maybe Bool -> Text -> GetGeneratedPolicy

-- | Create a value of <a>GetGeneratedPolicy</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:includeResourcePlaceholders:GetGeneratedPolicy'</a>,
--   <a>getGeneratedPolicy_includeResourcePlaceholders</a> - The level of
--   detail that you want to generate. You can specify whether to generate
--   policies with placeholders for resource ARNs for actions that support
--   resource level granularity in policies.
--   
--   For example, in the resource section of a policy, you can receive a
--   placeholder such as <tt>"Resource":"arn:aws:s3:::${BucketName}"</tt>
--   instead of <tt>"*"</tt>.
--   
--   <a>$sel:includeServiceLevelTemplate:GetGeneratedPolicy'</a>,
--   <a>getGeneratedPolicy_includeServiceLevelTemplate</a> - The level of
--   detail that you want to generate. You can specify whether to generate
--   service-level policies.
--   
--   IAM Access Analyzer uses <tt>iam:servicelastaccessed</tt> to identify
--   services that have been used recently to create this service-level
--   template.
--   
--   <a>GetGeneratedPolicy</a>, <a>getGeneratedPolicy_jobId</a> - The
--   <tt>JobId</tt> that is returned by the <tt>StartPolicyGeneration</tt>
--   operation. The <tt>JobId</tt> can be used with
--   <tt>GetGeneratedPolicy</tt> to retrieve the generated policies or used
--   with <tt>CancelPolicyGeneration</tt> to cancel the policy generation
--   request.
newGetGeneratedPolicy :: Text -> GetGeneratedPolicy

-- | <i>See:</i> <a>newGetGeneratedPolicyResponse</a> smart constructor.
data GetGeneratedPolicyResponse
GetGeneratedPolicyResponse' :: Int -> JobDetails -> GeneratedPolicyResult -> GetGeneratedPolicyResponse

-- | Create a value of <a>GetGeneratedPolicyResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:GetGeneratedPolicyResponse'</a>,
--   <a>getGeneratedPolicyResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:jobDetails:GetGeneratedPolicyResponse'</a>,
--   <a>getGeneratedPolicyResponse_jobDetails</a> - A
--   <tt>GeneratedPolicyDetails</tt> object that contains details about the
--   generated policy.
--   
--   <a>$sel:generatedPolicyResult:GetGeneratedPolicyResponse'</a>,
--   <a>getGeneratedPolicyResponse_generatedPolicyResult</a> - A
--   <tt>GeneratedPolicyResult</tt> object that contains the generated
--   policies and associated details.
newGetGeneratedPolicyResponse :: Int -> JobDetails -> GeneratedPolicyResult -> GetGeneratedPolicyResponse

-- | <i>See:</i> <a>newListAccessPreviewFindings</a> smart constructor.
data ListAccessPreviewFindings
ListAccessPreviewFindings' :: Maybe (HashMap Text Criterion) -> Maybe Int -> Maybe Text -> Text -> Text -> ListAccessPreviewFindings

-- | Create a value of <a>ListAccessPreviewFindings</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindings_filter</a> - Criteria to filter the
--   returned findings.
--   
--   <a>$sel:maxResults:ListAccessPreviewFindings'</a>,
--   <a>listAccessPreviewFindings_maxResults</a> - The maximum number of
--   results to return in the response.
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindings_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:accessPreviewId:ListAccessPreviewFindings'</a>,
--   <a>listAccessPreviewFindings_accessPreviewId</a> - The unique ID for
--   the access preview.
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindings_analyzerArn</a> - The <a>ARN of the
--   analyzer</a> used to generate the access.
newListAccessPreviewFindings :: Text -> Text -> ListAccessPreviewFindings

-- | <i>See:</i> <a>newListAccessPreviewFindingsResponse</a> smart
--   constructor.
data ListAccessPreviewFindingsResponse
ListAccessPreviewFindingsResponse' :: Maybe Text -> Int -> [AccessPreviewFinding] -> ListAccessPreviewFindingsResponse

-- | Create a value of <a>ListAccessPreviewFindingsResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAccessPreviewFindings</a>,
--   <a>listAccessPreviewFindingsResponse_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAccessPreviewFindingsResponse'</a>,
--   <a>listAccessPreviewFindingsResponse_httpStatus</a> - The response's
--   http status code.
--   
--   <a>$sel:findings:ListAccessPreviewFindingsResponse'</a>,
--   <a>listAccessPreviewFindingsResponse_findings</a> - A list of access
--   preview findings that match the specified filter criteria.
newListAccessPreviewFindingsResponse :: Int -> ListAccessPreviewFindingsResponse

-- | <i>See:</i> <a>newListAccessPreviews</a> smart constructor.
data ListAccessPreviews
ListAccessPreviews' :: Maybe Int -> Maybe Text -> Text -> ListAccessPreviews

-- | Create a value of <a>ListAccessPreviews</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListAccessPreviews'</a>,
--   <a>listAccessPreviews_maxResults</a> - The maximum number of results
--   to return in the response.
--   
--   <a>ListAccessPreviews</a>, <a>listAccessPreviews_nextToken</a> - A
--   token used for pagination of results returned.
--   
--   <a>ListAccessPreviews</a>, <a>listAccessPreviews_analyzerArn</a> - The
--   <a>ARN of the analyzer</a> used to generate the access preview.
newListAccessPreviews :: Text -> ListAccessPreviews

-- | <i>See:</i> <a>newListAccessPreviewsResponse</a> smart constructor.
data ListAccessPreviewsResponse
ListAccessPreviewsResponse' :: Maybe Text -> Int -> [AccessPreviewSummary] -> ListAccessPreviewsResponse

-- | Create a value of <a>ListAccessPreviewsResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAccessPreviews</a>, <a>listAccessPreviewsResponse_nextToken</a>
--   - A token used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAccessPreviewsResponse'</a>,
--   <a>listAccessPreviewsResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:accessPreviews:ListAccessPreviewsResponse'</a>,
--   <a>listAccessPreviewsResponse_accessPreviews</a> - A list of access
--   previews retrieved for the analyzer.
newListAccessPreviewsResponse :: Int -> ListAccessPreviewsResponse

-- | Retrieves a list of resources that have been analyzed.
--   
--   <i>See:</i> <a>newListAnalyzedResources</a> smart constructor.
data ListAnalyzedResources
ListAnalyzedResources' :: Maybe Int -> Maybe Text -> Maybe ResourceType -> Text -> ListAnalyzedResources

-- | Create a value of <a>ListAnalyzedResources</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListAnalyzedResources'</a>,
--   <a>listAnalyzedResources_maxResults</a> - The maximum number of
--   results to return in the response.
--   
--   <a>ListAnalyzedResources</a>, <a>listAnalyzedResources_nextToken</a> -
--   A token used for pagination of results returned.
--   
--   <a>ListAnalyzedResources</a>,
--   <a>listAnalyzedResources_resourceType</a> - The type of resource.
--   
--   <a>ListAnalyzedResources</a>, <a>listAnalyzedResources_analyzerArn</a>
--   - The <a>ARN of the analyzer</a> to retrieve a list of analyzed
--   resources from.
newListAnalyzedResources :: Text -> ListAnalyzedResources

-- | The response to the request.
--   
--   <i>See:</i> <a>newListAnalyzedResourcesResponse</a> smart constructor.
data ListAnalyzedResourcesResponse
ListAnalyzedResourcesResponse' :: Maybe Text -> Int -> [AnalyzedResourceSummary] -> ListAnalyzedResourcesResponse

-- | Create a value of <a>ListAnalyzedResourcesResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAnalyzedResources</a>,
--   <a>listAnalyzedResourcesResponse_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAnalyzedResourcesResponse'</a>,
--   <a>listAnalyzedResourcesResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:analyzedResources:ListAnalyzedResourcesResponse'</a>,
--   <a>listAnalyzedResourcesResponse_analyzedResources</a> - A list of
--   resources that were analyzed.
newListAnalyzedResourcesResponse :: Int -> ListAnalyzedResourcesResponse

-- | Retrieves a list of analyzers.
--   
--   <i>See:</i> <a>newListAnalyzers</a> smart constructor.
data ListAnalyzers
ListAnalyzers' :: Maybe Int -> Maybe Text -> Maybe Type -> ListAnalyzers

-- | Create a value of <a>ListAnalyzers</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListAnalyzers'</a>, <a>listAnalyzers_maxResults</a>
--   - The maximum number of results to return in the response.
--   
--   <a>ListAnalyzers</a>, <a>listAnalyzers_nextToken</a> - A token used
--   for pagination of results returned.
--   
--   <a>ListAnalyzers</a>, <a>listAnalyzers_type</a> - The type of
--   analyzer.
newListAnalyzers :: ListAnalyzers

-- | The response to the request.
--   
--   <i>See:</i> <a>newListAnalyzersResponse</a> smart constructor.
data ListAnalyzersResponse
ListAnalyzersResponse' :: Maybe Text -> Int -> [AnalyzerSummary] -> ListAnalyzersResponse

-- | Create a value of <a>ListAnalyzersResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListAnalyzers</a>, <a>listAnalyzersResponse_nextToken</a> - A token
--   used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListAnalyzersResponse'</a>,
--   <a>listAnalyzersResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:analyzers:ListAnalyzersResponse'</a>,
--   <a>listAnalyzersResponse_analyzers</a> - The analyzers retrieved.
newListAnalyzersResponse :: Int -> ListAnalyzersResponse

-- | Retrieves a list of archive rules created for the specified analyzer.
--   
--   <i>See:</i> <a>newListArchiveRules</a> smart constructor.
data ListArchiveRules
ListArchiveRules' :: Maybe Int -> Maybe Text -> Text -> ListArchiveRules

-- | Create a value of <a>ListArchiveRules</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListArchiveRules'</a>,
--   <a>listArchiveRules_maxResults</a> - The maximum number of results to
--   return in the request.
--   
--   <a>ListArchiveRules</a>, <a>listArchiveRules_nextToken</a> - A token
--   used for pagination of results returned.
--   
--   <a>$sel:analyzerName:ListArchiveRules'</a>,
--   <a>listArchiveRules_analyzerName</a> - The name of the analyzer to
--   retrieve rules from.
newListArchiveRules :: Text -> ListArchiveRules

-- | The response to the request.
--   
--   <i>See:</i> <a>newListArchiveRulesResponse</a> smart constructor.
data ListArchiveRulesResponse
ListArchiveRulesResponse' :: Maybe Text -> Int -> [ArchiveRuleSummary] -> ListArchiveRulesResponse

-- | Create a value of <a>ListArchiveRulesResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListArchiveRules</a>, <a>listArchiveRulesResponse_nextToken</a> - A
--   token used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListArchiveRulesResponse'</a>,
--   <a>listArchiveRulesResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:archiveRules:ListArchiveRulesResponse'</a>,
--   <a>listArchiveRulesResponse_archiveRules</a> - A list of archive rules
--   created for the specified analyzer.
newListArchiveRulesResponse :: Int -> ListArchiveRulesResponse

-- | Retrieves a list of findings generated by the specified analyzer.
--   
--   <i>See:</i> <a>newListFindings</a> smart constructor.
data ListFindings
ListFindings' :: Maybe (HashMap Text Criterion) -> Maybe Int -> Maybe Text -> Maybe SortCriteria -> Text -> ListFindings

-- | Create a value of <a>ListFindings</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListFindings</a>, <a>listFindings_filter</a> - A filter to match
--   for the findings to return.
--   
--   <a>$sel:maxResults:ListFindings'</a>, <a>listFindings_maxResults</a> -
--   The maximum number of results to return in the response.
--   
--   <a>ListFindings</a>, <a>listFindings_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:sort:ListFindings'</a>, <a>listFindings_sort</a> - The sort
--   order for the findings returned.
--   
--   <a>ListFindings</a>, <a>listFindings_analyzerArn</a> - The <a>ARN of
--   the analyzer</a> to retrieve findings from.
newListFindings :: Text -> ListFindings

-- | The response to the request.
--   
--   <i>See:</i> <a>newListFindingsResponse</a> smart constructor.
data ListFindingsResponse
ListFindingsResponse' :: Maybe Text -> Int -> [FindingSummary] -> ListFindingsResponse

-- | Create a value of <a>ListFindingsResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListFindings</a>, <a>listFindingsResponse_nextToken</a> - A token
--   used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ListFindingsResponse'</a>,
--   <a>listFindingsResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:findings:ListFindingsResponse'</a>,
--   <a>listFindingsResponse_findings</a> - A list of findings retrieved
--   from the analyzer that match the filter criteria specified, if any.
newListFindingsResponse :: Int -> ListFindingsResponse

-- | <i>See:</i> <a>newListPolicyGenerations</a> smart constructor.
data ListPolicyGenerations
ListPolicyGenerations' :: Maybe Natural -> Maybe Text -> Maybe Text -> ListPolicyGenerations

-- | Create a value of <a>ListPolicyGenerations</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:maxResults:ListPolicyGenerations'</a>,
--   <a>listPolicyGenerations_maxResults</a> - The maximum number of
--   results to return in the response.
--   
--   <a>ListPolicyGenerations</a>, <a>listPolicyGenerations_nextToken</a> -
--   A token used for pagination of results returned.
--   
--   <a>ListPolicyGenerations</a>,
--   <a>listPolicyGenerations_principalArn</a> - The ARN of the IAM entity
--   (user or role) for which you are generating a policy. Use this with
--   <tt>ListGeneratedPolicies</tt> to filter the results to only include
--   results for a specific principal.
newListPolicyGenerations :: ListPolicyGenerations

-- | <i>See:</i> <a>newListPolicyGenerationsResponse</a> smart constructor.
data ListPolicyGenerationsResponse
ListPolicyGenerationsResponse' :: Maybe Text -> Int -> [PolicyGeneration] -> ListPolicyGenerationsResponse

-- | Create a value of <a>ListPolicyGenerationsResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListPolicyGenerations</a>,
--   <a>listPolicyGenerationsResponse_nextToken</a> - A token used for
--   pagination of results returned.
--   
--   <a>$sel:httpStatus:ListPolicyGenerationsResponse'</a>,
--   <a>listPolicyGenerationsResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>$sel:policyGenerations:ListPolicyGenerationsResponse'</a>,
--   <a>listPolicyGenerationsResponse_policyGenerations</a> - A
--   <tt>PolicyGeneration</tt> object that contains details about the
--   generated policy.
newListPolicyGenerationsResponse :: Int -> ListPolicyGenerationsResponse

-- | Retrieves a list of tags applied to the specified resource.
--   
--   <i>See:</i> <a>newListTagsForResource</a> smart constructor.
data ListTagsForResource
ListTagsForResource' :: Text -> ListTagsForResource

-- | Create a value of <a>ListTagsForResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListTagsForResource</a>, <a>listTagsForResource_resourceArn</a> -
--   The ARN of the resource to retrieve tags from.
newListTagsForResource :: Text -> ListTagsForResource

-- | The response to the request.
--   
--   <i>See:</i> <a>newListTagsForResourceResponse</a> smart constructor.
data ListTagsForResourceResponse
ListTagsForResourceResponse' :: Maybe (HashMap Text Text) -> Int -> ListTagsForResourceResponse

-- | Create a value of <a>ListTagsForResourceResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ListTagsForResourceResponse</a>,
--   <a>listTagsForResourceResponse_tags</a> - The tags that are applied to
--   the specified resource.
--   
--   <a>$sel:httpStatus:ListTagsForResourceResponse'</a>,
--   <a>listTagsForResourceResponse_httpStatus</a> - The response's http
--   status code.
newListTagsForResourceResponse :: Int -> ListTagsForResourceResponse

-- | <i>See:</i> <a>newStartPolicyGeneration</a> smart constructor.
data StartPolicyGeneration
StartPolicyGeneration' :: Maybe Text -> Maybe CloudTrailDetails -> PolicyGenerationDetails -> StartPolicyGeneration

-- | Create a value of <a>StartPolicyGeneration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:StartPolicyGeneration'</a>,
--   <a>startPolicyGeneration_clientToken</a> - A unique, case-sensitive
--   identifier that you provide to ensure the idempotency of the request.
--   Idempotency ensures that an API request completes only once. With an
--   idempotent request, if the original request completes successfully,
--   the subsequent retries with the same client token return the result
--   from the original successful request and they have no additional
--   effect.
--   
--   If you do not specify a client token, one is automatically generated
--   by the Amazon Web Services SDK.
--   
--   <a>$sel:cloudTrailDetails:StartPolicyGeneration'</a>,
--   <a>startPolicyGeneration_cloudTrailDetails</a> - A
--   <tt>CloudTrailDetails</tt> object that contains details about a
--   <tt>Trail</tt> that you want to analyze to generate policies.
--   
--   <a>$sel:policyGenerationDetails:StartPolicyGeneration'</a>,
--   <a>startPolicyGeneration_policyGenerationDetails</a> - Contains the
--   ARN of the IAM entity (user or role) for which you are generating a
--   policy.
newStartPolicyGeneration :: PolicyGenerationDetails -> StartPolicyGeneration

-- | <i>See:</i> <a>newStartPolicyGenerationResponse</a> smart constructor.
data StartPolicyGenerationResponse
StartPolicyGenerationResponse' :: Int -> Text -> StartPolicyGenerationResponse

-- | Create a value of <a>StartPolicyGenerationResponse</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:StartPolicyGenerationResponse'</a>,
--   <a>startPolicyGenerationResponse_httpStatus</a> - The response's http
--   status code.
--   
--   <a>StartPolicyGenerationResponse</a>,
--   <a>startPolicyGenerationResponse_jobId</a> - The <tt>JobId</tt> that
--   is returned by the <tt>StartPolicyGeneration</tt> operation. The
--   <tt>JobId</tt> can be used with <tt>GetGeneratedPolicy</tt> to
--   retrieve the generated policies or used with
--   <tt>CancelPolicyGeneration</tt> to cancel the policy generation
--   request.
newStartPolicyGenerationResponse :: Int -> Text -> StartPolicyGenerationResponse

-- | Starts a scan of the policies applied to the specified resource.
--   
--   <i>See:</i> <a>newStartResourceScan</a> smart constructor.
data StartResourceScan
StartResourceScan' :: Maybe Text -> Text -> Text -> StartResourceScan

-- | Create a value of <a>StartResourceScan</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>StartResourceScan</a>,
--   <a>startResourceScan_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource. For most Amazon Web
--   Services resources, the owning account is the account in which the
--   resource was created.
--   
--   <a>StartResourceScan</a>, <a>startResourceScan_analyzerArn</a> - The
--   <a>ARN of the analyzer</a> to use to scan the policies applied to the
--   specified resource.
--   
--   <a>StartResourceScan</a>, <a>startResourceScan_resourceArn</a> - The
--   ARN of the resource to scan.
newStartResourceScan :: Text -> Text -> StartResourceScan

-- | <i>See:</i> <a>newStartResourceScanResponse</a> smart constructor.
data StartResourceScanResponse
StartResourceScanResponse' :: StartResourceScanResponse

-- | Create a value of <a>StartResourceScanResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newStartResourceScanResponse :: StartResourceScanResponse

-- | Adds a tag to the specified resource.
--   
--   <i>See:</i> <a>newTagResource</a> smart constructor.
data TagResource
TagResource' :: Text -> HashMap Text Text -> TagResource

-- | Create a value of <a>TagResource</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>TagResource</a>, <a>tagResource_resourceArn</a> - The ARN of the
--   resource to add the tag to.
--   
--   <a>TagResource</a>, <a>tagResource_tags</a> - The tags to add to the
--   resource.
newTagResource :: Text -> TagResource

-- | The response to the request.
--   
--   <i>See:</i> <a>newTagResourceResponse</a> smart constructor.
data TagResourceResponse
TagResourceResponse' :: Int -> TagResourceResponse

-- | Create a value of <a>TagResourceResponse</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:TagResourceResponse'</a>,
--   <a>tagResourceResponse_httpStatus</a> - The response's http status
--   code.
newTagResourceResponse :: Int -> TagResourceResponse

-- | Removes a tag from the specified resource.
--   
--   <i>See:</i> <a>newUntagResource</a> smart constructor.
data UntagResource
UntagResource' :: Text -> [Text] -> UntagResource

-- | Create a value of <a>UntagResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>UntagResource</a>, <a>untagResource_resourceArn</a> - The ARN of
--   the resource to remove the tag from.
--   
--   <a>$sel:tagKeys:UntagResource'</a>, <a>untagResource_tagKeys</a> - The
--   key for the tag to add.
newUntagResource :: Text -> UntagResource

-- | The response to the request.
--   
--   <i>See:</i> <a>newUntagResourceResponse</a> smart constructor.
data UntagResourceResponse
UntagResourceResponse' :: Int -> UntagResourceResponse

-- | Create a value of <a>UntagResourceResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:httpStatus:UntagResourceResponse'</a>,
--   <a>untagResourceResponse_httpStatus</a> - The response's http status
--   code.
newUntagResourceResponse :: Int -> UntagResourceResponse

-- | Updates the specified archive rule.
--   
--   <i>See:</i> <a>newUpdateArchiveRule</a> smart constructor.
data UpdateArchiveRule
UpdateArchiveRule' :: Maybe Text -> Text -> Text -> HashMap Text Criterion -> UpdateArchiveRule

-- | Create a value of <a>UpdateArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:UpdateArchiveRule'</a>,
--   <a>updateArchiveRule_clientToken</a> - A client token.
--   
--   <a>$sel:analyzerName:UpdateArchiveRule'</a>,
--   <a>updateArchiveRule_analyzerName</a> - The name of the analyzer to
--   update the archive rules for.
--   
--   <a>UpdateArchiveRule</a>, <a>updateArchiveRule_ruleName</a> - The name
--   of the rule to update.
--   
--   <a>UpdateArchiveRule</a>, <a>updateArchiveRule_filter</a> - A filter
--   to match for the rules to update. Only rules that match the filter are
--   updated.
newUpdateArchiveRule :: Text -> Text -> UpdateArchiveRule

-- | <i>See:</i> <a>newUpdateArchiveRuleResponse</a> smart constructor.
data UpdateArchiveRuleResponse
UpdateArchiveRuleResponse' :: UpdateArchiveRuleResponse

-- | Create a value of <a>UpdateArchiveRuleResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newUpdateArchiveRuleResponse :: UpdateArchiveRuleResponse

-- | Updates findings with the new values provided in the request.
--   
--   <i>See:</i> <a>newUpdateFindings</a> smart constructor.
data UpdateFindings
UpdateFindings' :: Maybe Text -> Maybe [Text] -> Maybe Text -> Text -> FindingStatusUpdate -> UpdateFindings

-- | Create a value of <a>UpdateFindings</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:clientToken:UpdateFindings'</a>,
--   <a>updateFindings_clientToken</a> - A client token.
--   
--   <a>$sel:ids:UpdateFindings'</a>, <a>updateFindings_ids</a> - The IDs
--   of the findings to update.
--   
--   <a>UpdateFindings</a>, <a>updateFindings_resourceArn</a> - The ARN of
--   the resource identified in the finding.
--   
--   <a>UpdateFindings</a>, <a>updateFindings_analyzerArn</a> - The <a>ARN
--   of the analyzer</a> that generated the findings to update.
--   
--   <a>UpdateFindings</a>, <a>updateFindings_status</a> - The state
--   represents the action to take to update the finding Status. Use
--   <tt>ARCHIVE</tt> to change an Active finding to an Archived finding.
--   Use <tt>ACTIVE</tt> to change an Archived finding to an Active
--   finding.
newUpdateFindings :: Text -> FindingStatusUpdate -> UpdateFindings

-- | <i>See:</i> <a>newUpdateFindingsResponse</a> smart constructor.
data UpdateFindingsResponse
UpdateFindingsResponse' :: UpdateFindingsResponse

-- | Create a value of <a>UpdateFindingsResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newUpdateFindingsResponse :: UpdateFindingsResponse

-- | <i>See:</i> <a>newValidatePolicy</a> smart constructor.
data ValidatePolicy
ValidatePolicy' :: Maybe Locale -> Maybe Int -> Maybe Text -> Maybe ValidatePolicyResourceType -> Text -> PolicyType -> ValidatePolicy

-- | Create a value of <a>ValidatePolicy</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:locale:ValidatePolicy'</a>, <a>validatePolicy_locale</a> - The
--   locale to use for localizing the findings.
--   
--   <a>$sel:maxResults:ValidatePolicy'</a>,
--   <a>validatePolicy_maxResults</a> - The maximum number of results to
--   return in the response.
--   
--   <a>ValidatePolicy</a>, <a>validatePolicy_nextToken</a> - A token used
--   for pagination of results returned.
--   
--   <a>$sel:validatePolicyResourceType:ValidatePolicy'</a>,
--   <a>validatePolicy_validatePolicyResourceType</a> - The type of
--   resource to attach to your resource policy. Specify a value for the
--   policy validation resource type only if the policy type is
--   <tt>RESOURCE_POLICY</tt>. For example, to validate a resource policy
--   to attach to an Amazon S3 bucket, you can choose
--   <tt>AWS::S3::Bucket</tt> for the policy validation resource type.
--   
--   For resource types not supported as valid values, IAM Access Analyzer
--   runs policy checks that apply to all resource policies. For example,
--   to validate a resource policy to attach to a KMS key, do not specify a
--   value for the policy validation resource type and IAM Access Analyzer
--   will run policy checks that apply to all resource policies.
--   
--   <a>$sel:policyDocument:ValidatePolicy'</a>,
--   <a>validatePolicy_policyDocument</a> - The JSON policy document to use
--   as the content for the policy.
--   
--   <a>$sel:policyType:ValidatePolicy'</a>,
--   <a>validatePolicy_policyType</a> - The type of policy to validate.
--   Identity policies grant permissions to IAM principals. Identity
--   policies include managed and inline policies for IAM roles, users, and
--   groups. They also include service-control policies (SCPs) that are
--   attached to an Amazon Web Services organization, organizational unit
--   (OU), or an account.
--   
--   Resource policies grant permissions on Amazon Web Services resources.
--   Resource policies include trust policies for IAM roles and bucket
--   policies for Amazon S3 buckets. You can provide a generic input such
--   as identity policy or resource policy or a specific input such as
--   managed policy or Amazon S3 bucket policy.
newValidatePolicy :: Text -> PolicyType -> ValidatePolicy

-- | <i>See:</i> <a>newValidatePolicyResponse</a> smart constructor.
data ValidatePolicyResponse
ValidatePolicyResponse' :: Maybe Text -> Int -> [ValidatePolicyFinding] -> ValidatePolicyResponse

-- | Create a value of <a>ValidatePolicyResponse</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>ValidatePolicy</a>, <a>validatePolicyResponse_nextToken</a> - A
--   token used for pagination of results returned.
--   
--   <a>$sel:httpStatus:ValidatePolicyResponse'</a>,
--   <a>validatePolicyResponse_httpStatus</a> - The response's http status
--   code.
--   
--   <a>$sel:findings:ValidatePolicyResponse'</a>,
--   <a>validatePolicyResponse_findings</a> - The list of findings in a
--   policy returned by IAM Access Analyzer based on its suite of policy
--   checks.
newValidatePolicyResponse :: Int -> ValidatePolicyResponse
newtype AccessPreviewStatus
AccessPreviewStatus' :: Text -> AccessPreviewStatus
[fromAccessPreviewStatus] :: AccessPreviewStatus -> Text
pattern AccessPreviewStatus_COMPLETED :: AccessPreviewStatus
pattern AccessPreviewStatus_CREATING :: AccessPreviewStatus
pattern AccessPreviewStatus_FAILED :: AccessPreviewStatus
newtype AccessPreviewStatusReasonCode
AccessPreviewStatusReasonCode' :: Text -> AccessPreviewStatusReasonCode
[fromAccessPreviewStatusReasonCode] :: AccessPreviewStatusReasonCode -> Text
pattern AccessPreviewStatusReasonCode_INTERNAL_ERROR :: AccessPreviewStatusReasonCode
pattern AccessPreviewStatusReasonCode_INVALID_CONFIGURATION :: AccessPreviewStatusReasonCode
newtype AclPermission
AclPermission' :: Text -> AclPermission
[fromAclPermission] :: AclPermission -> Text
pattern AclPermission_FULL_CONTROL :: AclPermission
pattern AclPermission_READ :: AclPermission
pattern AclPermission_READ_ACP :: AclPermission
pattern AclPermission_WRITE :: AclPermission
pattern AclPermission_WRITE_ACP :: AclPermission
newtype AnalyzerStatus
AnalyzerStatus' :: Text -> AnalyzerStatus
[fromAnalyzerStatus] :: AnalyzerStatus -> Text
pattern AnalyzerStatus_ACTIVE :: AnalyzerStatus
pattern AnalyzerStatus_CREATING :: AnalyzerStatus
pattern AnalyzerStatus_DISABLED :: AnalyzerStatus
pattern AnalyzerStatus_FAILED :: AnalyzerStatus
newtype FindingChangeType
FindingChangeType' :: Text -> FindingChangeType
[fromFindingChangeType] :: FindingChangeType -> Text
pattern FindingChangeType_CHANGED :: FindingChangeType
pattern FindingChangeType_NEW :: FindingChangeType
pattern FindingChangeType_UNCHANGED :: FindingChangeType
newtype FindingSourceType
FindingSourceType' :: Text -> FindingSourceType
[fromFindingSourceType] :: FindingSourceType -> Text
pattern FindingSourceType_BUCKET_ACL :: FindingSourceType
pattern FindingSourceType_POLICY :: FindingSourceType
pattern FindingSourceType_S3_ACCESS_POINT :: FindingSourceType
pattern FindingSourceType_S3_ACCESS_POINT_ACCOUNT :: FindingSourceType
newtype FindingStatus
FindingStatus' :: Text -> FindingStatus
[fromFindingStatus] :: FindingStatus -> Text
pattern FindingStatus_ACTIVE :: FindingStatus
pattern FindingStatus_ARCHIVED :: FindingStatus
pattern FindingStatus_RESOLVED :: FindingStatus
newtype FindingStatusUpdate
FindingStatusUpdate' :: Text -> FindingStatusUpdate
[fromFindingStatusUpdate] :: FindingStatusUpdate -> Text
pattern FindingStatusUpdate_ACTIVE :: FindingStatusUpdate
pattern FindingStatusUpdate_ARCHIVED :: FindingStatusUpdate
newtype JobErrorCode
JobErrorCode' :: Text -> JobErrorCode
[fromJobErrorCode] :: JobErrorCode -> Text
pattern JobErrorCode_AUTHORIZATION_ERROR :: JobErrorCode
pattern JobErrorCode_RESOURCE_NOT_FOUND_ERROR :: JobErrorCode
pattern JobErrorCode_SERVICE_ERROR :: JobErrorCode
pattern JobErrorCode_SERVICE_QUOTA_EXCEEDED_ERROR :: JobErrorCode
newtype JobStatus
JobStatus' :: Text -> JobStatus
[fromJobStatus] :: JobStatus -> Text
pattern JobStatus_CANCELED :: JobStatus
pattern JobStatus_FAILED :: JobStatus
pattern JobStatus_IN_PROGRESS :: JobStatus
pattern JobStatus_SUCCEEDED :: JobStatus
newtype KmsGrantOperation
KmsGrantOperation' :: Text -> KmsGrantOperation
[fromKmsGrantOperation] :: KmsGrantOperation -> Text
pattern KmsGrantOperation_CreateGrant :: KmsGrantOperation
pattern KmsGrantOperation_Decrypt :: KmsGrantOperation
pattern KmsGrantOperation_DescribeKey :: KmsGrantOperation
pattern KmsGrantOperation_Encrypt :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKey :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyPair :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyPairWithoutPlaintext :: KmsGrantOperation
pattern KmsGrantOperation_GenerateDataKeyWithoutPlaintext :: KmsGrantOperation
pattern KmsGrantOperation_GetPublicKey :: KmsGrantOperation
pattern KmsGrantOperation_ReEncryptFrom :: KmsGrantOperation
pattern KmsGrantOperation_ReEncryptTo :: KmsGrantOperation
pattern KmsGrantOperation_RetireGrant :: KmsGrantOperation
pattern KmsGrantOperation_Sign :: KmsGrantOperation
pattern KmsGrantOperation_Verify :: KmsGrantOperation
newtype Locale
Locale' :: Text -> Locale
[fromLocale] :: Locale -> Text
pattern Locale_DE :: Locale
pattern Locale_EN :: Locale
pattern Locale_ES :: Locale
pattern Locale_FR :: Locale
pattern Locale_IT :: Locale
pattern Locale_JA :: Locale
pattern Locale_KO :: Locale
pattern Locale_PT_BR :: Locale
pattern Locale_ZH_CN :: Locale
pattern Locale_ZH_TW :: Locale
newtype OrderBy
OrderBy' :: Text -> OrderBy
[fromOrderBy] :: OrderBy -> Text
pattern OrderBy_ASC :: OrderBy
pattern OrderBy_DESC :: OrderBy
newtype PolicyType
PolicyType' :: Text -> PolicyType
[fromPolicyType] :: PolicyType -> Text
pattern PolicyType_IDENTITY_POLICY :: PolicyType
pattern PolicyType_RESOURCE_POLICY :: PolicyType
pattern PolicyType_SERVICE_CONTROL_POLICY :: PolicyType
newtype ReasonCode
ReasonCode' :: Text -> ReasonCode
[fromReasonCode] :: ReasonCode -> Text
pattern ReasonCode_AWS_SERVICE_ACCESS_DISABLED :: ReasonCode
pattern ReasonCode_DELEGATED_ADMINISTRATOR_DEREGISTERED :: ReasonCode
pattern ReasonCode_ORGANIZATION_DELETED :: ReasonCode
pattern ReasonCode_SERVICE_LINKED_ROLE_CREATION_FAILED :: ReasonCode
newtype ResourceType
ResourceType' :: Text -> ResourceType
[fromResourceType] :: ResourceType -> Text
pattern ResourceType_AWS__EC2__Snapshot :: ResourceType
pattern ResourceType_AWS__ECR__Repository :: ResourceType
pattern ResourceType_AWS__EFS__FileSystem :: ResourceType
pattern ResourceType_AWS__IAM__Role :: ResourceType
pattern ResourceType_AWS__KMS__Key :: ResourceType
pattern ResourceType_AWS__Lambda__Function :: ResourceType
pattern ResourceType_AWS__Lambda__LayerVersion :: ResourceType
pattern ResourceType_AWS__RDS__DBClusterSnapshot :: ResourceType
pattern ResourceType_AWS__RDS__DBSnapshot :: ResourceType
pattern ResourceType_AWS__S3__Bucket :: ResourceType
pattern ResourceType_AWS__SNS__Topic :: ResourceType
pattern ResourceType_AWS__SQS__Queue :: ResourceType
pattern ResourceType_AWS__SecretsManager__Secret :: ResourceType
newtype Type
Type' :: Text -> Type
[fromType] :: Type -> Text
pattern Type_ACCOUNT :: Type
pattern Type_ORGANIZATION :: Type
newtype ValidatePolicyFindingType
ValidatePolicyFindingType' :: Text -> ValidatePolicyFindingType
[fromValidatePolicyFindingType] :: ValidatePolicyFindingType -> Text
pattern ValidatePolicyFindingType_ERROR :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_SECURITY_WARNING :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_SUGGESTION :: ValidatePolicyFindingType
pattern ValidatePolicyFindingType_WARNING :: ValidatePolicyFindingType
newtype ValidatePolicyResourceType
ValidatePolicyResourceType' :: Text -> ValidatePolicyResourceType
[fromValidatePolicyResourceType] :: ValidatePolicyResourceType -> Text
pattern ValidatePolicyResourceType_AWS__IAM__AssumeRolePolicyDocument :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3ObjectLambda__AccessPoint :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__AccessPoint :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__Bucket :: ValidatePolicyResourceType
pattern ValidatePolicyResourceType_AWS__S3__MultiRegionAccessPoint :: ValidatePolicyResourceType

-- | Contains information about an access preview.
--   
--   <i>See:</i> <a>newAccessPreview</a> smart constructor.
data AccessPreview
AccessPreview' :: Maybe AccessPreviewStatusReason -> Text -> Text -> HashMap Text Configuration -> ISO8601 -> AccessPreviewStatus -> AccessPreview

-- | Create a value of <a>AccessPreview</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:statusReason:AccessPreview'</a>,
--   <a>accessPreview_statusReason</a> - Provides more details about the
--   current status of the access preview.
--   
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid resource
--   configuration.
--   
--   <a>$sel:id:AccessPreview'</a>, <a>accessPreview_id</a> - The unique ID
--   for the access preview.
--   
--   <a>$sel:analyzerArn:AccessPreview'</a>,
--   <a>accessPreview_analyzerArn</a> - The ARN of the analyzer used to
--   generate the access preview.
--   
--   <a>$sel:configurations:AccessPreview'</a>,
--   <a>accessPreview_configurations</a> - A map of resource ARNs for the
--   proposed resource configuration.
--   
--   <a>$sel:createdAt:AccessPreview'</a>, <a>accessPreview_createdAt</a> -
--   The time at which the access preview was created.
--   
--   <a>$sel:status:AccessPreview'</a>, <a>accessPreview_status</a> - The
--   status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete. You can
--   preview findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
newAccessPreview :: Text -> Text -> UTCTime -> AccessPreviewStatus -> AccessPreview

-- | An access preview finding generated by the access preview.
--   
--   <i>See:</i> <a>newAccessPreviewFinding</a> smart constructor.
data AccessPreviewFinding
AccessPreviewFinding' :: Maybe [Text] -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe Text -> Maybe FindingStatus -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> ISO8601 -> FindingChangeType -> FindingStatus -> Text -> AccessPreviewFinding

-- | Create a value of <a>AccessPreviewFinding</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_action</a> - The action in the analyzed policy
--   statement that an external principal has permission to perform.
--   
--   <a>$sel:condition:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_condition</a> - The condition in the analyzed
--   policy statement that resulted in a finding.
--   
--   <a>$sel:error:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_error</a> - An error.
--   
--   <a>$sel:existingFindingId:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_existingFindingId</a> - The existing ID of the
--   finding in IAM Access Analyzer, provided only for existing findings.
--   
--   <a>$sel:existingFindingStatus:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_existingFindingStatus</a> - The existing
--   status of the finding, provided only for existing findings.
--   
--   <a>$sel:isPublic:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_isPublic</a> - Indicates whether the policy
--   that generated the finding allows public access to the resource.
--   
--   <a>$sel:principal:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_principal</a> - The external principal that
--   has access to a resource within the zone of trust.
--   
--   <a>$sel:resource:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resource</a> - The resource that an external
--   principal has access to. This is the resource associated with the
--   access preview.
--   
--   <a>$sel:sources:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_sources</a> - The sources of the finding. This
--   indicates how the access that generated the finding is granted. It is
--   populated for Amazon S3 bucket findings.
--   
--   <a>$sel:id:AccessPreviewFinding'</a>, <a>accessPreviewFinding_id</a> -
--   The ID of the access preview finding. This ID uniquely identifies the
--   element in the list of access preview findings and is not related to
--   the finding ID in Access Analyzer.
--   
--   <a>$sel:resourceType:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resourceType</a> - The type of the resource
--   that can be accessed in the finding.
--   
--   <a>$sel:createdAt:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_createdAt</a> - The time at which the access
--   preview finding was created.
--   
--   <a>$sel:changeType:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_changeType</a> - Provides context on how the
--   access preview finding compares to existing access identified in IAM
--   Access Analyzer.
--   
--   <ul>
--   <li><tt>New</tt> - The finding is for newly-introduced access.</li>
--   <li><tt>Unchanged</tt> - The preview finding is an existing finding
--   that would remain unchanged.</li>
--   <li><tt>Changed</tt> - The preview finding is an existing finding with
--   a change in status.</li>
--   </ul>
--   
--   For example, a <tt>Changed</tt> finding with preview status
--   <tt>Resolved</tt> and existing status <tt>Active</tt> indicates the
--   existing <tt>Active</tt> finding would become <tt>Resolved</tt> as a
--   result of the proposed permissions change.
--   
--   <a>$sel:status:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_status</a> - The preview status of the
--   finding. This is what the status of the finding would be after
--   permissions deployment. For example, a <tt>Changed</tt> finding with
--   preview status <tt>Resolved</tt> and existing status <tt>Active</tt>
--   indicates the existing <tt>Active</tt> finding would become
--   <tt>Resolved</tt> as a result of the proposed permissions change.
--   
--   <a>$sel:resourceOwnerAccount:AccessPreviewFinding'</a>,
--   <a>accessPreviewFinding_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource. For most Amazon Web
--   Services resources, the owning account is the account in which the
--   resource was created.
newAccessPreviewFinding :: Text -> ResourceType -> UTCTime -> FindingChangeType -> FindingStatus -> Text -> AccessPreviewFinding

-- | Provides more details about the current status of the access preview.
--   For example, if the creation of the access preview fails, a
--   <tt>Failed</tt> status is returned. This failure can be due to an
--   internal issue with the analysis or due to an invalid proposed
--   resource configuration.
--   
--   <i>See:</i> <a>newAccessPreviewStatusReason</a> smart constructor.
data AccessPreviewStatusReason
AccessPreviewStatusReason' :: AccessPreviewStatusReasonCode -> AccessPreviewStatusReason

-- | Create a value of <a>AccessPreviewStatusReason</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:AccessPreviewStatusReason'</a>,
--   <a>accessPreviewStatusReason_code</a> - The reason code for the
--   current status of the access preview.
newAccessPreviewStatusReason :: AccessPreviewStatusReasonCode -> AccessPreviewStatusReason

-- | Contains a summary of information about an access preview.
--   
--   <i>See:</i> <a>newAccessPreviewSummary</a> smart constructor.
data AccessPreviewSummary
AccessPreviewSummary' :: Maybe AccessPreviewStatusReason -> Text -> Text -> ISO8601 -> AccessPreviewStatus -> AccessPreviewSummary

-- | Create a value of <a>AccessPreviewSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:statusReason:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_statusReason</a> - Undocumented member.
--   
--   <a>$sel:id:AccessPreviewSummary'</a>, <a>accessPreviewSummary_id</a> -
--   The unique ID for the access preview.
--   
--   <a>$sel:analyzerArn:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_analyzerArn</a> - The ARN of the analyzer used
--   to generate the access preview.
--   
--   <a>$sel:createdAt:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_createdAt</a> - The time at which the access
--   preview was created.
--   
--   <a>$sel:status:AccessPreviewSummary'</a>,
--   <a>accessPreviewSummary_status</a> - The status of the access preview.
--   
--   <ul>
--   <li><tt>Creating</tt> - The access preview creation is in
--   progress.</li>
--   <li><tt>Completed</tt> - The access preview is complete and previews
--   the findings for external access to the resource.</li>
--   <li><tt>Failed</tt> - The access preview creation has failed.</li>
--   </ul>
newAccessPreviewSummary :: Text -> Text -> UTCTime -> AccessPreviewStatus -> AccessPreviewSummary

-- | You specify each grantee as a type-value pair using one of these
--   types. You can specify only one type of grantee. For more information,
--   see <a>PutBucketAcl</a>.
--   
--   <i>See:</i> <a>newAclGrantee</a> smart constructor.
data AclGrantee
AclGrantee' :: Maybe Text -> Maybe Text -> AclGrantee

-- | Create a value of <a>AclGrantee</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:id:AclGrantee'</a>, <a>aclGrantee_id</a> - The value specified
--   is the canonical user ID of an Amazon Web Services account.
--   
--   <a>$sel:uri:AclGrantee'</a>, <a>aclGrantee_uri</a> - Used for granting
--   permissions to a predefined group.
newAclGrantee :: AclGrantee

-- | Contains details about the analyzed resource.
--   
--   <i>See:</i> <a>newAnalyzedResource</a> smart constructor.
data AnalyzedResource
AnalyzedResource' :: Maybe [Text] -> Maybe Text -> Maybe [Text] -> Maybe FindingStatus -> Text -> ResourceType -> ISO8601 -> ISO8601 -> ISO8601 -> Bool -> Text -> AnalyzedResource

-- | Create a value of <a>AnalyzedResource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:actions:AnalyzedResource'</a>, <a>analyzedResource_actions</a>
--   - The actions that an external principal is granted permission to use
--   by the policy that generated the finding.
--   
--   <a>$sel:error:AnalyzedResource'</a>, <a>analyzedResource_error</a> -
--   An error message.
--   
--   <a>$sel:sharedVia:AnalyzedResource'</a>,
--   <a>analyzedResource_sharedVia</a> - Indicates how the access that
--   generated the finding is granted. This is populated for Amazon S3
--   bucket findings.
--   
--   <a>$sel:status:AnalyzedResource'</a>, <a>analyzedResource_status</a> -
--   The current status of the finding generated from the analyzed
--   resource.
--   
--   <a>$sel:resourceArn:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceArn</a> - The ARN of the resource that was
--   analyzed.
--   
--   <a>$sel:resourceType:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceType</a> - The type of the resource that
--   was analyzed.
--   
--   <a>$sel:createdAt:AnalyzedResource'</a>,
--   <a>analyzedResource_createdAt</a> - The time at which the finding was
--   created.
--   
--   <a>$sel:analyzedAt:AnalyzedResource'</a>,
--   <a>analyzedResource_analyzedAt</a> - The time at which the resource
--   was analyzed.
--   
--   <a>$sel:updatedAt:AnalyzedResource'</a>,
--   <a>analyzedResource_updatedAt</a> - The time at which the finding was
--   updated.
--   
--   <a>$sel:isPublic:AnalyzedResource'</a>,
--   <a>analyzedResource_isPublic</a> - Indicates whether the policy that
--   generated the finding grants public access to the resource.
--   
--   <a>$sel:resourceOwnerAccount:AnalyzedResource'</a>,
--   <a>analyzedResource_resourceOwnerAccount</a> - The Amazon Web Services
--   account ID that owns the resource.
newAnalyzedResource :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> Bool -> Text -> AnalyzedResource

-- | Contains the ARN of the analyzed resource.
--   
--   <i>See:</i> <a>newAnalyzedResourceSummary</a> smart constructor.
data AnalyzedResourceSummary
AnalyzedResourceSummary' :: Text -> Text -> ResourceType -> AnalyzedResourceSummary

-- | Create a value of <a>AnalyzedResourceSummary</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:resourceArn:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceArn</a> - The ARN of the analyzed
--   resource.
--   
--   <a>$sel:resourceOwnerAccount:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceOwnerAccount</a> - The Amazon Web
--   Services account ID that owns the resource.
--   
--   <a>$sel:resourceType:AnalyzedResourceSummary'</a>,
--   <a>analyzedResourceSummary_resourceType</a> - The type of resource
--   that was analyzed.
newAnalyzedResourceSummary :: Text -> Text -> ResourceType -> AnalyzedResourceSummary

-- | Contains information about the analyzer.
--   
--   <i>See:</i> <a>newAnalyzerSummary</a> smart constructor.
data AnalyzerSummary
AnalyzerSummary' :: Maybe Text -> Maybe ISO8601 -> Maybe StatusReason -> Maybe (HashMap Text Text) -> Text -> Text -> Type -> ISO8601 -> AnalyzerStatus -> AnalyzerSummary

-- | Create a value of <a>AnalyzerSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:lastResourceAnalyzed:AnalyzerSummary'</a>,
--   <a>analyzerSummary_lastResourceAnalyzed</a> - The resource that was
--   most recently analyzed by the analyzer.
--   
--   <a>$sel:lastResourceAnalyzedAt:AnalyzerSummary'</a>,
--   <a>analyzerSummary_lastResourceAnalyzedAt</a> - The time at which the
--   most recently analyzed resource was analyzed.
--   
--   <a>$sel:statusReason:AnalyzerSummary'</a>,
--   <a>analyzerSummary_statusReason</a> - The <tt>statusReason</tt>
--   provides more details about the current status of the analyzer. For
--   example, if the creation for the analyzer fails, a <tt>Failed</tt>
--   status is returned. For an analyzer with organization as the type,
--   this failure can be due to an issue with creating the service-linked
--   roles required in the member accounts of the Amazon Web Services
--   organization.
--   
--   <a>$sel:tags:AnalyzerSummary'</a>, <a>analyzerSummary_tags</a> - The
--   tags added to the analyzer.
--   
--   <a>$sel:arn:AnalyzerSummary'</a>, <a>analyzerSummary_arn</a> - The ARN
--   of the analyzer.
--   
--   <a>$sel:name:AnalyzerSummary'</a>, <a>analyzerSummary_name</a> - The
--   name of the analyzer.
--   
--   <a>$sel:type':AnalyzerSummary'</a>, <a>analyzerSummary_type</a> - The
--   type of analyzer, which corresponds to the zone of trust chosen for
--   the analyzer.
--   
--   <a>$sel:createdAt:AnalyzerSummary'</a>,
--   <a>analyzerSummary_createdAt</a> - A timestamp for the time at which
--   the analyzer was created.
--   
--   <a>$sel:status:AnalyzerSummary'</a>, <a>analyzerSummary_status</a> -
--   The status of the analyzer. An <tt>Active</tt> analyzer successfully
--   monitors supported resources and generates new findings. The analyzer
--   is <tt>Disabled</tt> when a user action, such as removing trusted
--   access for Identity and Access Management Access Analyzer from
--   Organizations, causes the analyzer to stop generating new findings.
--   The status is <tt>Creating</tt> when the analyzer creation is in
--   progress and <tt>Failed</tt> when the analyzer creation has failed.
newAnalyzerSummary :: Text -> Text -> Type -> UTCTime -> AnalyzerStatus -> AnalyzerSummary

-- | Contains information about an archive rule.
--   
--   <i>See:</i> <a>newArchiveRuleSummary</a> smart constructor.
data ArchiveRuleSummary
ArchiveRuleSummary' :: Text -> HashMap Text Criterion -> ISO8601 -> ISO8601 -> ArchiveRuleSummary

-- | Create a value of <a>ArchiveRuleSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ruleName:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_ruleName</a> - The name of the archive rule.
--   
--   <a>$sel:filter':ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_filter</a> - A filter used to define the archive
--   rule.
--   
--   <a>$sel:createdAt:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_createdAt</a> - The time at which the archive
--   rule was created.
--   
--   <a>$sel:updatedAt:ArchiveRuleSummary'</a>,
--   <a>archiveRuleSummary_updatedAt</a> - The time at which the archive
--   rule was last updated.
newArchiveRuleSummary :: Text -> UTCTime -> UTCTime -> ArchiveRuleSummary

-- | Contains information about CloudTrail access.
--   
--   <i>See:</i> <a>newCloudTrailDetails</a> smart constructor.
data CloudTrailDetails
CloudTrailDetails' :: Maybe ISO8601 -> [Trail] -> Text -> ISO8601 -> CloudTrailDetails

-- | Create a value of <a>CloudTrailDetails</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:endTime:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_endTime</a> - The end of the time range for which
--   IAM Access Analyzer reviews your CloudTrail events. Events with a
--   timestamp after this time are not considered to generate a policy. If
--   this is not included in the request, the default value is the current
--   time.
--   
--   <a>$sel:trails:CloudTrailDetails'</a>, <a>cloudTrailDetails_trails</a>
--   - A <tt>Trail</tt> object that contains settings for a trail.
--   
--   <a>$sel:accessRole:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_accessRole</a> - The ARN of the service role that
--   IAM Access Analyzer uses to access your CloudTrail trail and service
--   last accessed information.
--   
--   <a>$sel:startTime:CloudTrailDetails'</a>,
--   <a>cloudTrailDetails_startTime</a> - The start of the time range for
--   which IAM Access Analyzer reviews your CloudTrail events. Events with
--   a timestamp before this time are not considered to generate a policy.
newCloudTrailDetails :: Text -> UTCTime -> CloudTrailDetails

-- | Contains information about CloudTrail access.
--   
--   <i>See:</i> <a>newCloudTrailProperties</a> smart constructor.
data CloudTrailProperties
CloudTrailProperties' :: [TrailProperties] -> ISO8601 -> ISO8601 -> CloudTrailProperties

-- | Create a value of <a>CloudTrailProperties</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:trailProperties:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_trailProperties</a> - A
--   <tt>TrailProperties</tt> object that contains settings for trail
--   properties.
--   
--   <a>$sel:startTime:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_startTime</a> - The start of the time range
--   for which IAM Access Analyzer reviews your CloudTrail events. Events
--   with a timestamp before this time are not considered to generate a
--   policy.
--   
--   <a>$sel:endTime:CloudTrailProperties'</a>,
--   <a>cloudTrailProperties_endTime</a> - The end of the time range for
--   which IAM Access Analyzer reviews your CloudTrail events. Events with
--   a timestamp after this time are not considered to generate a policy.
--   If this is not included in the request, the default value is the
--   current time.
newCloudTrailProperties :: UTCTime -> UTCTime -> CloudTrailProperties

-- | Access control configuration structures for your resource. You specify
--   the configuration as a type-value pair. You can specify only one type
--   of access control configuration.
--   
--   <i>See:</i> <a>newConfiguration</a> smart constructor.
data Configuration
Configuration' :: Maybe EbsSnapshotConfiguration -> Maybe EcrRepositoryConfiguration -> Maybe EfsFileSystemConfiguration -> Maybe IamRoleConfiguration -> Maybe KmsKeyConfiguration -> Maybe RdsDbClusterSnapshotConfiguration -> Maybe RdsDbSnapshotConfiguration -> Maybe S3BucketConfiguration -> Maybe SecretsManagerSecretConfiguration -> Maybe SnsTopicConfiguration -> Maybe SqsQueueConfiguration -> Configuration

-- | Create a value of <a>Configuration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ebsSnapshot:Configuration'</a>,
--   <a>configuration_ebsSnapshot</a> - The access control configuration is
--   for an Amazon EBS volume snapshot.
--   
--   <a>$sel:ecrRepository:Configuration'</a>,
--   <a>configuration_ecrRepository</a> - The access control configuration
--   is for an Amazon ECR repository.
--   
--   <a>$sel:efsFileSystem:Configuration'</a>,
--   <a>configuration_efsFileSystem</a> - The access control configuration
--   is for an Amazon EFS file system.
--   
--   <a>$sel:iamRole:Configuration'</a>, <a>configuration_iamRole</a> - The
--   access control configuration is for an IAM role.
--   
--   <a>$sel:kmsKey:Configuration'</a>, <a>configuration_kmsKey</a> - The
--   access control configuration is for a KMS key.
--   
--   <a>$sel:rdsDbClusterSnapshot:Configuration'</a>,
--   <a>configuration_rdsDbClusterSnapshot</a> - The access control
--   configuration is for an Amazon RDS DB cluster snapshot.
--   
--   <a>$sel:rdsDbSnapshot:Configuration'</a>,
--   <a>configuration_rdsDbSnapshot</a> - The access control configuration
--   is for an Amazon RDS DB snapshot.
--   
--   <a>$sel:s3Bucket:Configuration'</a>, <a>configuration_s3Bucket</a> -
--   The access control configuration is for an Amazon S3 Bucket.
--   
--   <a>$sel:secretsManagerSecret:Configuration'</a>,
--   <a>configuration_secretsManagerSecret</a> - The access control
--   configuration is for a Secrets Manager secret.
--   
--   <a>$sel:snsTopic:Configuration'</a>, <a>configuration_snsTopic</a> -
--   The access control configuration is for an Amazon SNS topic
--   
--   <a>$sel:sqsQueue:Configuration'</a>, <a>configuration_sqsQueue</a> -
--   The access control configuration is for an Amazon SQS queue.
newConfiguration :: Configuration

-- | The criteria to use in the filter that defines the archive rule. For
--   more information on available filter keys, see <a>IAM Access Analyzer
--   filter keys</a>.
--   
--   <i>See:</i> <a>newCriterion</a> smart constructor.
data Criterion
Criterion' :: Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe Bool -> Maybe (NonEmpty Text) -> Criterion

-- | Create a value of <a>Criterion</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:contains:Criterion'</a>, <a>criterion_contains</a> - A
--   "contains" operator to match for the filter used to create the rule.
--   
--   <a>$sel:eq:Criterion'</a>, <a>criterion_eq</a> - An "equals" operator
--   to match for the filter used to create the rule.
--   
--   <a>$sel:exists:Criterion'</a>, <a>criterion_exists</a> - An "exists"
--   operator to match for the filter used to create the rule.
--   
--   <a>$sel:neq:Criterion'</a>, <a>criterion_neq</a> - A "not equals"
--   operator to match for the filter used to create the rule.
newCriterion :: Criterion

-- | The proposed access control configuration for an Amazon EBS volume
--   snapshot. You can propose a configuration for a new Amazon EBS volume
--   snapshot or an Amazon EBS volume snapshot that you own by specifying
--   the user IDs, groups, and optional KMS encryption key. For more
--   information, see <a>ModifySnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newEbsSnapshotConfiguration</a> smart constructor.
data EbsSnapshotConfiguration
EbsSnapshotConfiguration' :: Maybe [Text] -> Maybe Text -> Maybe [Text] -> EbsSnapshotConfiguration

-- | Create a value of <a>EbsSnapshotConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:groups:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_groups</a> - The groups that have access
--   to the Amazon EBS volume snapshot. If the value <tt>all</tt> is
--   specified, then the Amazon EBS volume snapshot is public.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>groups</tt>, then the access preview
--   uses the existing shared <tt>groups</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>groups</tt>, then the access preview considers the snapshot
--   without any <tt>groups</tt>.</li>
--   <li>To propose deletion of existing shared <tt>groups</tt>, you can
--   specify an empty list for <tt>groups</tt>.</li>
--   </ul>
--   
--   <a>$sel:kmsKeyId:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_kmsKeyId</a> - The KMS key identifier for
--   an encrypted Amazon EBS volume snapshot. The KMS key identifier is the
--   key ARN, key ID, alias ARN, or alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>kmsKeyId</tt>, the access preview considers the snapshot as
--   unencrypted.</li>
--   </ul>
--   
--   <a>$sel:userIds:EbsSnapshotConfiguration'</a>,
--   <a>ebsSnapshotConfiguration_userIds</a> - The IDs of the Amazon Web
--   Services accounts that have access to the Amazon EBS volume snapshot.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EBS volume snapshot
--   and you do not specify the <tt>userIds</tt>, then the access preview
--   uses the existing shared <tt>userIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the <tt>userIds</tt>, then the access preview considers the snapshot
--   without any <tt>userIds</tt>.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>userIds</tt>.</li>
--   </ul>
newEbsSnapshotConfiguration :: EbsSnapshotConfiguration

-- | The proposed access control configuration for an Amazon ECR
--   repository. You can propose a configuration for a new Amazon ECR
--   repository or an existing Amazon ECR repository that you own by
--   specifying the Amazon ECR policy. For more information, see
--   <a>Repository</a>.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon ECR repository and
--   you do not specify the Amazon ECR policy, then the access preview uses
--   the existing Amazon ECR policy for the repository.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the policy, then the access preview assumes an Amazon ECR repository
--   without a policy.</li>
--   <li>To propose deletion of an existing Amazon ECR repository policy,
--   you can specify an empty string for the Amazon ECR policy.</li>
--   </ul>
--   
--   <i>See:</i> <a>newEcrRepositoryConfiguration</a> smart constructor.
data EcrRepositoryConfiguration
EcrRepositoryConfiguration' :: Maybe Text -> EcrRepositoryConfiguration

-- | Create a value of <a>EcrRepositoryConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:repositoryPolicy:EcrRepositoryConfiguration'</a>,
--   <a>ecrRepositoryConfiguration_repositoryPolicy</a> - The JSON
--   repository policy text to apply to the Amazon ECR repository. For more
--   information, see <a>Private repository policy examples</a> in the
--   <i>Amazon ECR User Guide</i>.
newEcrRepositoryConfiguration :: EcrRepositoryConfiguration

-- | The proposed access control configuration for an Amazon EFS file
--   system. You can propose a configuration for a new Amazon EFS file
--   system or an existing Amazon EFS file system that you own by
--   specifying the Amazon EFS policy. For more information, see <a>Using
--   file systems in Amazon EFS</a>.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon EFS file system and
--   you do not specify the Amazon EFS policy, then the access preview uses
--   the existing Amazon EFS policy for the file system.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the policy, then the access preview assumes an Amazon EFS file system
--   without a policy.</li>
--   <li>To propose deletion of an existing Amazon EFS file system policy,
--   you can specify an empty string for the Amazon EFS policy.</li>
--   </ul>
--   
--   <i>See:</i> <a>newEfsFileSystemConfiguration</a> smart constructor.
data EfsFileSystemConfiguration
EfsFileSystemConfiguration' :: Maybe Text -> EfsFileSystemConfiguration

-- | Create a value of <a>EfsFileSystemConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:fileSystemPolicy:EfsFileSystemConfiguration'</a>,
--   <a>efsFileSystemConfiguration_fileSystemPolicy</a> - The JSON policy
--   definition to apply to the Amazon EFS file system. For more
--   information on the elements that make up a file system policy, see
--   <a>Amazon EFS Resource-based policies</a>.
newEfsFileSystemConfiguration :: EfsFileSystemConfiguration

-- | Contains information about a finding.
--   
--   <i>See:</i> <a>newFinding</a> smart constructor.
data Finding
Finding' :: Maybe [Text] -> Maybe Text -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> HashMap Text Text -> ISO8601 -> ISO8601 -> ISO8601 -> FindingStatus -> Text -> Finding

-- | Create a value of <a>Finding</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:Finding'</a>, <a>finding_action</a> - The action in the
--   analyzed policy statement that an external principal has permission to
--   use.
--   
--   <a>$sel:error:Finding'</a>, <a>finding_error</a> - An error.
--   
--   <a>$sel:isPublic:Finding'</a>, <a>finding_isPublic</a> - Indicates
--   whether the policy that generated the finding allows public access to
--   the resource.
--   
--   <a>$sel:principal:Finding'</a>, <a>finding_principal</a> - The
--   external principal that access to a resource within the zone of trust.
--   
--   <a>$sel:resource:Finding'</a>, <a>finding_resource</a> - The resource
--   that an external principal has access to.
--   
--   <a>$sel:sources:Finding'</a>, <a>finding_sources</a> - The sources of
--   the finding. This indicates how the access that generated the finding
--   is granted. It is populated for Amazon S3 bucket findings.
--   
--   <a>$sel:id:Finding'</a>, <a>finding_id</a> - The ID of the finding.
--   
--   <a>$sel:resourceType:Finding'</a>, <a>finding_resourceType</a> - The
--   type of the resource identified in the finding.
--   
--   <a>$sel:condition:Finding'</a>, <a>finding_condition</a> - The
--   condition in the analyzed policy statement that resulted in a finding.
--   
--   <a>$sel:createdAt:Finding'</a>, <a>finding_createdAt</a> - The time at
--   which the finding was generated.
--   
--   <a>$sel:analyzedAt:Finding'</a>, <a>finding_analyzedAt</a> - The time
--   at which the resource was analyzed.
--   
--   <a>$sel:updatedAt:Finding'</a>, <a>finding_updatedAt</a> - The time at
--   which the finding was updated.
--   
--   <a>$sel:status:Finding'</a>, <a>finding_status</a> - The current
--   status of the finding.
--   
--   <a>$sel:resourceOwnerAccount:Finding'</a>,
--   <a>finding_resourceOwnerAccount</a> - The Amazon Web Services account
--   ID that owns the resource.
newFinding :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> FindingStatus -> Text -> Finding

-- | The source of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
--   
--   <i>See:</i> <a>newFindingSource</a> smart constructor.
data FindingSource
FindingSource' :: Maybe FindingSourceDetail -> FindingSourceType -> FindingSource

-- | Create a value of <a>FindingSource</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:detail:FindingSource'</a>, <a>findingSource_detail</a> -
--   Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
--   
--   <a>$sel:type':FindingSource'</a>, <a>findingSource_type</a> -
--   Indicates the type of access that generated the finding.
newFindingSource :: FindingSourceType -> FindingSource

-- | Includes details about how the access that generated the finding is
--   granted. This is populated for Amazon S3 bucket findings.
--   
--   <i>See:</i> <a>newFindingSourceDetail</a> smart constructor.
data FindingSourceDetail
FindingSourceDetail' :: Maybe Text -> Maybe Text -> FindingSourceDetail

-- | Create a value of <a>FindingSourceDetail</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPointAccount:FindingSourceDetail'</a>,
--   <a>findingSourceDetail_accessPointAccount</a> - The account of the
--   cross-account access point that generated the finding.
--   
--   <a>$sel:accessPointArn:FindingSourceDetail'</a>,
--   <a>findingSourceDetail_accessPointArn</a> - The ARN of the access
--   point that generated the finding. The ARN format depends on whether
--   the ARN represents an access point or a multi-region access point.
newFindingSourceDetail :: FindingSourceDetail

-- | Contains information about a finding.
--   
--   <i>See:</i> <a>newFindingSummary</a> smart constructor.
data FindingSummary
FindingSummary' :: Maybe [Text] -> Maybe Text -> Maybe Bool -> Maybe (HashMap Text Text) -> Maybe Text -> Maybe [FindingSource] -> Text -> ResourceType -> HashMap Text Text -> ISO8601 -> ISO8601 -> ISO8601 -> FindingStatus -> Text -> FindingSummary

-- | Create a value of <a>FindingSummary</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:action:FindingSummary'</a>, <a>findingSummary_action</a> - The
--   action in the analyzed policy statement that an external principal has
--   permission to use.
--   
--   <a>$sel:error:FindingSummary'</a>, <a>findingSummary_error</a> - The
--   error that resulted in an Error finding.
--   
--   <a>$sel:isPublic:FindingSummary'</a>, <a>findingSummary_isPublic</a> -
--   Indicates whether the finding reports a resource that has a policy
--   that allows public access.
--   
--   <a>$sel:principal:FindingSummary'</a>, <a>findingSummary_principal</a>
--   - The external principal that has access to a resource within the zone
--   of trust.
--   
--   <a>$sel:resource:FindingSummary'</a>, <a>findingSummary_resource</a> -
--   The resource that the external principal has access to.
--   
--   <a>$sel:sources:FindingSummary'</a>, <a>findingSummary_sources</a> -
--   The sources of the finding. This indicates how the access that
--   generated the finding is granted. It is populated for Amazon S3 bucket
--   findings.
--   
--   <a>$sel:id:FindingSummary'</a>, <a>findingSummary_id</a> - The ID of
--   the finding.
--   
--   <a>$sel:resourceType:FindingSummary'</a>,
--   <a>findingSummary_resourceType</a> - The type of the resource that the
--   external principal has access to.
--   
--   <a>$sel:condition:FindingSummary'</a>, <a>findingSummary_condition</a>
--   - The condition in the analyzed policy statement that resulted in a
--   finding.
--   
--   <a>$sel:createdAt:FindingSummary'</a>, <a>findingSummary_createdAt</a>
--   - The time at which the finding was created.
--   
--   <a>$sel:analyzedAt:FindingSummary'</a>,
--   <a>findingSummary_analyzedAt</a> - The time at which the
--   resource-based policy that generated the finding was analyzed.
--   
--   <a>$sel:updatedAt:FindingSummary'</a>, <a>findingSummary_updatedAt</a>
--   - The time at which the finding was most recently updated.
--   
--   <a>$sel:status:FindingSummary'</a>, <a>findingSummary_status</a> - The
--   status of the finding.
--   
--   <a>$sel:resourceOwnerAccount:FindingSummary'</a>,
--   <a>findingSummary_resourceOwnerAccount</a> - The Amazon Web Services
--   account ID that owns the resource.
newFindingSummary :: Text -> ResourceType -> UTCTime -> UTCTime -> UTCTime -> FindingStatus -> Text -> FindingSummary

-- | Contains the text for the generated policy.
--   
--   <i>See:</i> <a>newGeneratedPolicy</a> smart constructor.
data GeneratedPolicy
GeneratedPolicy' :: Text -> GeneratedPolicy

-- | Create a value of <a>GeneratedPolicy</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:policy:GeneratedPolicy'</a>, <a>generatedPolicy_policy</a> -
--   The text to use as the content for the new policy. The policy is
--   created using the <a>CreatePolicy</a> action.
newGeneratedPolicy :: Text -> GeneratedPolicy

-- | Contains the generated policy details.
--   
--   <i>See:</i> <a>newGeneratedPolicyProperties</a> smart constructor.
data GeneratedPolicyProperties
GeneratedPolicyProperties' :: Maybe CloudTrailProperties -> Maybe Bool -> Text -> GeneratedPolicyProperties

-- | Create a value of <a>GeneratedPolicyProperties</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:cloudTrailProperties:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_cloudTrailProperties</a> - Lists details
--   about the <tt>Trail</tt> used to generated policy.
--   
--   <a>$sel:isComplete:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_isComplete</a> - This value is set to
--   <tt>true</tt> if the generated policy contains all possible actions
--   for a service that IAM Access Analyzer identified from the CloudTrail
--   trail that you specified, and <tt>false</tt> otherwise.
--   
--   <a>$sel:principalArn:GeneratedPolicyProperties'</a>,
--   <a>generatedPolicyProperties_principalArn</a> - The ARN of the IAM
--   entity (user or role) for which you are generating a policy.
newGeneratedPolicyProperties :: Text -> GeneratedPolicyProperties

-- | Contains the text for the generated policy and its details.
--   
--   <i>See:</i> <a>newGeneratedPolicyResult</a> smart constructor.
data GeneratedPolicyResult
GeneratedPolicyResult' :: Maybe [GeneratedPolicy] -> GeneratedPolicyProperties -> GeneratedPolicyResult

-- | Create a value of <a>GeneratedPolicyResult</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:generatedPolicies:GeneratedPolicyResult'</a>,
--   <a>generatedPolicyResult_generatedPolicies</a> - The text to use as
--   the content for the new policy. The policy is created using the
--   <a>CreatePolicy</a> action.
--   
--   <a>$sel:properties:GeneratedPolicyResult'</a>,
--   <a>generatedPolicyResult_properties</a> - A
--   <tt>GeneratedPolicyProperties</tt> object that contains properties of
--   the generated policy.
newGeneratedPolicyResult :: GeneratedPolicyProperties -> GeneratedPolicyResult

-- | The proposed access control configuration for an IAM role. You can
--   propose a configuration for a new IAM role or an existing IAM role
--   that you own by specifying the trust policy. If the configuration is
--   for a new IAM role, you must specify the trust policy. If the
--   configuration is for an existing IAM role that you own and you do not
--   propose the trust policy, the access preview uses the existing trust
--   policy for the role. The proposed trust policy cannot be an empty
--   string. For more information about role trust policy limits, see
--   <a>IAM and STS quotas</a>.
--   
--   <i>See:</i> <a>newIamRoleConfiguration</a> smart constructor.
data IamRoleConfiguration
IamRoleConfiguration' :: Maybe Text -> IamRoleConfiguration

-- | Create a value of <a>IamRoleConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:trustPolicy:IamRoleConfiguration'</a>,
--   <a>iamRoleConfiguration_trustPolicy</a> - The proposed trust policy
--   for the IAM role.
newIamRoleConfiguration :: IamRoleConfiguration

-- | An criterion statement in an archive rule. Each archive rule may have
--   multiple criteria.
--   
--   <i>See:</i> <a>newInlineArchiveRule</a> smart constructor.
data InlineArchiveRule
InlineArchiveRule' :: Text -> HashMap Text Criterion -> InlineArchiveRule

-- | Create a value of <a>InlineArchiveRule</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ruleName:InlineArchiveRule'</a>,
--   <a>inlineArchiveRule_ruleName</a> - The name of the rule.
--   
--   <a>$sel:filter':InlineArchiveRule'</a>,
--   <a>inlineArchiveRule_filter</a> - The condition and values for a
--   criterion.
newInlineArchiveRule :: Text -> InlineArchiveRule

-- | This configuration sets the network origin for the Amazon S3 access
--   point or multi-region access point to <tt>Internet</tt>.
--   
--   <i>See:</i> <a>newInternetConfiguration</a> smart constructor.
data InternetConfiguration
InternetConfiguration' :: InternetConfiguration

-- | Create a value of <a>InternetConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
newInternetConfiguration :: InternetConfiguration

-- | Contains details about the policy generation request.
--   
--   <i>See:</i> <a>newJobDetails</a> smart constructor.
data JobDetails
JobDetails' :: Maybe ISO8601 -> Maybe JobError -> Text -> JobStatus -> ISO8601 -> JobDetails

-- | Create a value of <a>JobDetails</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:completedOn:JobDetails'</a>, <a>jobDetails_completedOn</a> - A
--   timestamp of when the job was completed.
--   
--   <a>$sel:jobError:JobDetails'</a>, <a>jobDetails_jobError</a> - The job
--   error for the policy generation request.
--   
--   <a>$sel:jobId:JobDetails'</a>, <a>jobDetails_jobId</a> - The
--   <tt>JobId</tt> that is returned by the <tt>StartPolicyGeneration</tt>
--   operation. The <tt>JobId</tt> can be used with
--   <tt>GetGeneratedPolicy</tt> to retrieve the generated policies or used
--   with <tt>CancelPolicyGeneration</tt> to cancel the policy generation
--   request.
--   
--   <a>$sel:status:JobDetails'</a>, <a>jobDetails_status</a> - The status
--   of the job request.
--   
--   <a>$sel:startedOn:JobDetails'</a>, <a>jobDetails_startedOn</a> - A
--   timestamp of when the job was started.
newJobDetails :: Text -> JobStatus -> UTCTime -> JobDetails

-- | Contains the details about the policy generation error.
--   
--   <i>See:</i> <a>newJobError</a> smart constructor.
data JobError
JobError' :: JobErrorCode -> Text -> JobError

-- | Create a value of <a>JobError</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:JobError'</a>, <a>jobError_code</a> - The job error code.
--   
--   <a>$sel:message:JobError'</a>, <a>jobError_message</a> - Specific
--   information about the error. For example, which service quota was
--   exceeded or which resource was not found.
newJobError :: JobErrorCode -> Text -> JobError

-- | A proposed grant configuration for a KMS key. For more information,
--   see <a>CreateGrant</a>.
--   
--   <i>See:</i> <a>newKmsGrantConfiguration</a> smart constructor.
data KmsGrantConfiguration
KmsGrantConfiguration' :: Maybe KmsGrantConstraints -> Maybe Text -> [KmsGrantOperation] -> Text -> Text -> KmsGrantConfiguration

-- | Create a value of <a>KmsGrantConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:constraints:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_constraints</a> - Use this structure to
--   propose allowing <a>cryptographic operations</a> in the grant only
--   when the operation request includes the specified <a>encryption
--   context</a>.
--   
--   <a>$sel:retiringPrincipal:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_retiringPrincipal</a> - The principal that is
--   given permission to retire the grant by using <a>RetireGrant</a>
--   operation.
--   
--   <a>$sel:operations:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_operations</a> - A list of operations that
--   the grant permits.
--   
--   <a>$sel:granteePrincipal:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_granteePrincipal</a> - The principal that is
--   given permission to perform the operations that the grant permits.
--   
--   <a>$sel:issuingAccount:KmsGrantConfiguration'</a>,
--   <a>kmsGrantConfiguration_issuingAccount</a> - The Amazon Web Services
--   account under which the grant was issued. The account is used to
--   propose KMS grants issued by accounts other than the owner of the key.
newKmsGrantConfiguration :: Text -> Text -> KmsGrantConfiguration

-- | Use this structure to propose allowing <a>cryptographic operations</a>
--   in the grant only when the operation request includes the specified
--   <a>encryption context</a>. You can specify only one type of encryption
--   context. An empty map is treated as not specified. For more
--   information, see <a>GrantConstraints</a>.
--   
--   <i>See:</i> <a>newKmsGrantConstraints</a> smart constructor.
data KmsGrantConstraints
KmsGrantConstraints' :: Maybe (HashMap Text Text) -> Maybe (HashMap Text Text) -> KmsGrantConstraints

-- | Create a value of <a>KmsGrantConstraints</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:encryptionContextEquals:KmsGrantConstraints'</a>,
--   <a>kmsGrantConstraints_encryptionContextEquals</a> - A list of
--   key-value pairs that must match the encryption context in the
--   <a>cryptographic operation</a> request. The grant allows the operation
--   only when the encryption context in the request is the same as the
--   encryption context specified in this constraint.
--   
--   <a>$sel:encryptionContextSubset:KmsGrantConstraints'</a>,
--   <a>kmsGrantConstraints_encryptionContextSubset</a> - A list of
--   key-value pairs that must be included in the encryption context of the
--   <a>cryptographic operation</a> request. The grant allows the
--   cryptographic operation only when the encryption context in the
--   request includes the key-value pairs specified in this constraint,
--   although it can include additional key-value pairs.
newKmsGrantConstraints :: KmsGrantConstraints

-- | Proposed access control configuration for a KMS key. You can propose a
--   configuration for a new KMS key or an existing KMS key that you own by
--   specifying the key policy and KMS grant configuration. If the
--   configuration is for an existing key and you do not specify the key
--   policy, the access preview uses the existing policy for the key. If
--   the access preview is for a new resource and you do not specify the
--   key policy, then the access preview uses the default key policy. The
--   proposed key policy cannot be an empty string. For more information,
--   see <a>Default key policy</a>. For more information about key policy
--   limits, see <a>Resource quotas</a>.
--   
--   <i>See:</i> <a>newKmsKeyConfiguration</a> smart constructor.
data KmsKeyConfiguration
KmsKeyConfiguration' :: Maybe [KmsGrantConfiguration] -> Maybe (HashMap Text Text) -> KmsKeyConfiguration

-- | Create a value of <a>KmsKeyConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:grants:KmsKeyConfiguration'</a>,
--   <a>kmsKeyConfiguration_grants</a> - A list of proposed grant
--   configurations for the KMS key. If the proposed grant configuration is
--   for an existing key, the access preview uses the proposed list of
--   grant configurations in place of the existing grants. Otherwise, the
--   access preview uses the existing grants for the key.
--   
--   <a>$sel:keyPolicies:KmsKeyConfiguration'</a>,
--   <a>kmsKeyConfiguration_keyPolicies</a> - Resource policy configuration
--   for the KMS key. The only valid value for the name of the key policy
--   is <tt>default</tt>. For more information, see <a>Default key
--   policy</a>.
newKmsKeyConfiguration :: KmsKeyConfiguration

-- | A location in a policy that is represented as a path through the JSON
--   representation and a corresponding span.
--   
--   <i>See:</i> <a>newLocation</a> smart constructor.
data Location
Location' :: [PathElement] -> Span -> Location

-- | Create a value of <a>Location</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:path:Location'</a>, <a>location_path</a> - A path in a policy,
--   represented as a sequence of path elements.
--   
--   <a>$sel:span:Location'</a>, <a>location_span</a> - A span in a policy.
newLocation :: Span -> Location

-- | The proposed <tt>InternetConfiguration</tt> or
--   <tt>VpcConfiguration</tt> to apply to the Amazon S3 access point.
--   <tt>VpcConfiguration</tt> does not apply to multi-region access
--   points. You can make the access point accessible from the internet, or
--   you can specify that all requests made through that access point must
--   originate from a specific virtual private cloud (VPC). You can specify
--   only one type of network configuration. For more information, see
--   <a>Creating access points</a>.
--   
--   <i>See:</i> <a>newNetworkOriginConfiguration</a> smart constructor.
data NetworkOriginConfiguration
NetworkOriginConfiguration' :: Maybe InternetConfiguration -> Maybe VpcConfiguration -> NetworkOriginConfiguration

-- | Create a value of <a>NetworkOriginConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:internetConfiguration:NetworkOriginConfiguration'</a>,
--   <a>networkOriginConfiguration_internetConfiguration</a> - The
--   configuration for the Amazon S3 access point or multi-region access
--   point with an <tt>Internet</tt> origin.
--   
--   <a>$sel:vpcConfiguration:NetworkOriginConfiguration'</a>,
--   <a>networkOriginConfiguration_vpcConfiguration</a> - Undocumented
--   member.
newNetworkOriginConfiguration :: NetworkOriginConfiguration

-- | A single element in a path through the JSON representation of a
--   policy.
--   
--   <i>See:</i> <a>newPathElement</a> smart constructor.
data PathElement
PathElement' :: Maybe Int -> Maybe Text -> Maybe Substring -> Maybe Text -> PathElement

-- | Create a value of <a>PathElement</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:index:PathElement'</a>, <a>pathElement_index</a> - Refers to
--   an index in a JSON array.
--   
--   <a>$sel:key:PathElement'</a>, <a>pathElement_key</a> - Refers to a key
--   in a JSON object.
--   
--   <a>$sel:substring:PathElement'</a>, <a>pathElement_substring</a> -
--   Refers to a substring of a literal string in a JSON object.
--   
--   <a>$sel:value:PathElement'</a>, <a>pathElement_value</a> - Refers to
--   the value associated with a given key in a JSON object.
newPathElement :: PathElement

-- | Contains details about the policy generation status and properties.
--   
--   <i>See:</i> <a>newPolicyGeneration</a> smart constructor.
data PolicyGeneration
PolicyGeneration' :: Maybe ISO8601 -> Text -> Text -> JobStatus -> ISO8601 -> PolicyGeneration

-- | Create a value of <a>PolicyGeneration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:completedOn:PolicyGeneration'</a>,
--   <a>policyGeneration_completedOn</a> - A timestamp of when the policy
--   generation was completed.
--   
--   <a>$sel:jobId:PolicyGeneration'</a>, <a>policyGeneration_jobId</a> -
--   The <tt>JobId</tt> that is returned by the
--   <tt>StartPolicyGeneration</tt> operation. The <tt>JobId</tt> can be
--   used with <tt>GetGeneratedPolicy</tt> to retrieve the generated
--   policies or used with <tt>CancelPolicyGeneration</tt> to cancel the
--   policy generation request.
--   
--   <a>$sel:principalArn:PolicyGeneration'</a>,
--   <a>policyGeneration_principalArn</a> - The ARN of the IAM entity (user
--   or role) for which you are generating a policy.
--   
--   <a>$sel:status:PolicyGeneration'</a>, <a>policyGeneration_status</a> -
--   The status of the policy generation request.
--   
--   <a>$sel:startedOn:PolicyGeneration'</a>,
--   <a>policyGeneration_startedOn</a> - A timestamp of when the policy
--   generation started.
newPolicyGeneration :: Text -> Text -> JobStatus -> UTCTime -> PolicyGeneration

-- | Contains the ARN details about the IAM entity for which the policy is
--   generated.
--   
--   <i>See:</i> <a>newPolicyGenerationDetails</a> smart constructor.
data PolicyGenerationDetails
PolicyGenerationDetails' :: Text -> PolicyGenerationDetails

-- | Create a value of <a>PolicyGenerationDetails</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:principalArn:PolicyGenerationDetails'</a>,
--   <a>policyGenerationDetails_principalArn</a> - The ARN of the IAM
--   entity (user or role) for which you are generating a policy.
newPolicyGenerationDetails :: Text -> PolicyGenerationDetails

-- | A position in a policy.
--   
--   <i>See:</i> <a>newPosition</a> smart constructor.
data Position
Position' :: Int -> Int -> Int -> Position

-- | Create a value of <a>Position</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:line:Position'</a>, <a>position_line</a> - The line of the
--   position, starting from 1.
--   
--   <a>$sel:column:Position'</a>, <a>position_column</a> - The column of
--   the position, starting from 0.
--   
--   <a>$sel:offset:Position'</a>, <a>position_offset</a> - The offset
--   within the policy that corresponds to the position, starting from 0.
newPosition :: Int -> Int -> Int -> Position

-- | The values for a manual Amazon RDS DB cluster snapshot attribute.
--   
--   <i>See:</i> <a>newRdsDbClusterSnapshotAttributeValue</a> smart
--   constructor.
data RdsDbClusterSnapshotAttributeValue
RdsDbClusterSnapshotAttributeValue' :: Maybe [Text] -> RdsDbClusterSnapshotAttributeValue

-- | Create a value of <a>RdsDbClusterSnapshotAttributeValue</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accountIds:RdsDbClusterSnapshotAttributeValue'</a>,
--   <a>rdsDbClusterSnapshotAttributeValue_accountIds</a> - The Amazon Web
--   Services account IDs that have access to the manual Amazon RDS DB
--   cluster snapshot. If the value <tt>all</tt> is specified, then the
--   Amazon RDS DB cluster snapshot is public and can be copied or restored
--   by all Amazon Web Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   uses the existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbClusterSnapshotAttributeValue</tt>.</li>
--   </ul>
newRdsDbClusterSnapshotAttributeValue :: RdsDbClusterSnapshotAttributeValue

-- | The proposed access control configuration for an Amazon RDS DB cluster
--   snapshot. You can propose a configuration for a new Amazon RDS DB
--   cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
--   specifying the <tt>RdsDbClusterSnapshotAttributeValue</tt> and
--   optional KMS encryption key. For more information, see
--   <a>ModifyDBClusterSnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newRdsDbClusterSnapshotConfiguration</a> smart
--   constructor.
data RdsDbClusterSnapshotConfiguration
RdsDbClusterSnapshotConfiguration' :: Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue) -> Maybe Text -> RdsDbClusterSnapshotConfiguration

-- | Create a value of <a>RdsDbClusterSnapshotConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributes:RdsDbClusterSnapshotConfiguration'</a>,
--   <a>rdsDbClusterSnapshotConfiguration_attributes</a> - The names and
--   values of manual DB cluster snapshot attributes. Manual DB cluster
--   snapshot attributes are used to authorize other Amazon Web Services
--   accounts to restore a manual DB cluster snapshot. The only valid value
--   for <tt>AttributeName</tt> for the attribute map is <tt>restore</tt>
--   
--   <a>$sel:kmsKeyId:RdsDbClusterSnapshotConfiguration'</a>,
--   <a>rdsDbClusterSnapshotConfiguration_kmsKeyId</a> - The KMS key
--   identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS
--   key identifier is the key ARN, key ID, alias ARN, or alias name for
--   the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB cluster
--   snapshot and you do not specify the <tt>kmsKeyId</tt>, or you specify
--   an empty string, then the access preview uses the existing
--   <tt>kmsKeyId</tt> of the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
newRdsDbClusterSnapshotConfiguration :: RdsDbClusterSnapshotConfiguration

-- | The name and values of a manual Amazon RDS DB snapshot attribute.
--   Manual DB snapshot attributes are used to authorize other Amazon Web
--   Services accounts to restore a manual DB snapshot.
--   
--   <i>See:</i> <a>newRdsDbSnapshotAttributeValue</a> smart constructor.
data RdsDbSnapshotAttributeValue
RdsDbSnapshotAttributeValue' :: Maybe [Text] -> RdsDbSnapshotAttributeValue

-- | Create a value of <a>RdsDbSnapshotAttributeValue</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accountIds:RdsDbSnapshotAttributeValue'</a>,
--   <a>rdsDbSnapshotAttributeValue_accountIds</a> - The Amazon Web
--   Services account IDs that have access to the manual Amazon RDS DB
--   snapshot. If the value <tt>all</tt> is specified, then the Amazon RDS
--   DB snapshot is public and can be copied or restored by all Amazon Web
--   Services accounts.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview uses the
--   existing shared <tt>accountIds</tt> for the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>accountIds</tt> in
--   <tt>RdsDbSnapshotAttributeValue</tt>, then the access preview
--   considers the snapshot without any attributes.</li>
--   <li>To propose deletion of an existing shared <tt>accountIds</tt>, you
--   can specify an empty list for <tt>accountIds</tt> in the
--   <tt>RdsDbSnapshotAttributeValue</tt>.</li>
--   </ul>
newRdsDbSnapshotAttributeValue :: RdsDbSnapshotAttributeValue

-- | The proposed access control configuration for an Amazon RDS DB
--   snapshot. You can propose a configuration for a new Amazon RDS DB
--   snapshot or an Amazon RDS DB snapshot that you own by specifying the
--   <tt>RdsDbSnapshotAttributeValue</tt> and optional KMS encryption key.
--   For more information, see <a>ModifyDBSnapshotAttribute</a>.
--   
--   <i>See:</i> <a>newRdsDbSnapshotConfiguration</a> smart constructor.
data RdsDbSnapshotConfiguration
RdsDbSnapshotConfiguration' :: Maybe (HashMap Text RdsDbSnapshotAttributeValue) -> Maybe Text -> RdsDbSnapshotConfiguration

-- | Create a value of <a>RdsDbSnapshotConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributes:RdsDbSnapshotConfiguration'</a>,
--   <a>rdsDbSnapshotConfiguration_attributes</a> - The names and values of
--   manual DB snapshot attributes. Manual DB snapshot attributes are used
--   to authorize other Amazon Web Services accounts to restore a manual DB
--   snapshot. The only valid value for <tt>attributeName</tt> for the
--   attribute map is restore.
--   
--   <a>$sel:kmsKeyId:RdsDbSnapshotConfiguration'</a>,
--   <a>rdsDbSnapshotConfiguration_kmsKeyId</a> - The KMS key identifier
--   for an encrypted Amazon RDS DB snapshot. The KMS key identifier is the
--   key ARN, key ID, alias ARN, or alias name for the KMS key.
--   
--   <ul>
--   <li>If the configuration is for an existing Amazon RDS DB snapshot and
--   you do not specify the <tt>kmsKeyId</tt>, or you specify an empty
--   string, then the access preview uses the existing <tt>kmsKeyId</tt> of
--   the snapshot.</li>
--   <li>If the access preview is for a new resource and you do not specify
--   the specify the <tt>kmsKeyId</tt>, then the access preview considers
--   the snapshot as unencrypted.</li>
--   </ul>
newRdsDbSnapshotConfiguration :: RdsDbSnapshotConfiguration

-- | The configuration for an Amazon S3 access point or multi-region access
--   point for the bucket. You can propose up to 10 access points or
--   multi-region access points per bucket. If the proposed Amazon S3
--   access point configuration is for an existing bucket, the access
--   preview uses the proposed access point configuration in place of the
--   existing access points. To propose an access point without a policy,
--   you can provide an empty string as the access point policy. For more
--   information, see <a>Creating access points</a>. For more information
--   about access point policy limits, see <a>Access points restrictions
--   and limitations</a>.
--   
--   <i>See:</i> <a>newS3AccessPointConfiguration</a> smart constructor.
data S3AccessPointConfiguration
S3AccessPointConfiguration' :: Maybe Text -> Maybe NetworkOriginConfiguration -> Maybe S3PublicAccessBlockConfiguration -> S3AccessPointConfiguration

-- | Create a value of <a>S3AccessPointConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPointPolicy:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_accessPointPolicy</a> - The access point
--   or multi-region access point policy.
--   
--   <a>$sel:networkOrigin:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_networkOrigin</a> - The proposed
--   <tt>Internet</tt> and <tt>VpcConfiguration</tt> to apply to this
--   Amazon S3 access point. <tt>VpcConfiguration</tt> does not apply to
--   multi-region access points. If the access preview is for a new
--   resource and neither is specified, the access preview uses
--   <tt>Internet</tt> for the network origin. If the access preview is for
--   an existing resource and neither is specified, the access preview uses
--   the exiting network origin.
--   
--   <a>$sel:publicAccessBlock:S3AccessPointConfiguration'</a>,
--   <a>s3AccessPointConfiguration_publicAccessBlock</a> - The proposed
--   <tt>S3PublicAccessBlock</tt> configuration to apply to this Amazon S3
--   access point or multi-region access point.
newS3AccessPointConfiguration :: S3AccessPointConfiguration

-- | A proposed access control list grant configuration for an Amazon S3
--   bucket. For more information, see <a>How to Specify an ACL</a>.
--   
--   <i>See:</i> <a>newS3BucketAclGrantConfiguration</a> smart constructor.
data S3BucketAclGrantConfiguration
S3BucketAclGrantConfiguration' :: AclPermission -> AclGrantee -> S3BucketAclGrantConfiguration

-- | Create a value of <a>S3BucketAclGrantConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:permission:S3BucketAclGrantConfiguration'</a>,
--   <a>s3BucketAclGrantConfiguration_permission</a> - The permissions
--   being granted.
--   
--   <a>$sel:grantee:S3BucketAclGrantConfiguration'</a>,
--   <a>s3BucketAclGrantConfiguration_grantee</a> - The grantee to whom
--   you’re assigning access rights.
newS3BucketAclGrantConfiguration :: AclPermission -> AclGrantee -> S3BucketAclGrantConfiguration

-- | Proposed access control configuration for an Amazon S3 bucket. You can
--   propose a configuration for a new Amazon S3 bucket or an existing
--   Amazon S3 bucket that you own by specifying the Amazon S3 bucket
--   policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
--   multi-region access points attached to the bucket. If the
--   configuration is for an existing Amazon S3 bucket and you do not
--   specify the Amazon S3 bucket policy, the access preview uses the
--   existing policy attached to the bucket. If the access preview is for a
--   new resource and you do not specify the Amazon S3 bucket policy, the
--   access preview assumes a bucket without a policy. To propose deletion
--   of an existing bucket policy, you can specify an empty string. For
--   more information about bucket policy limits, see <a>Bucket Policy
--   Examples</a>.
--   
--   <i>See:</i> <a>newS3BucketConfiguration</a> smart constructor.
data S3BucketConfiguration
S3BucketConfiguration' :: Maybe (HashMap Text S3AccessPointConfiguration) -> Maybe [S3BucketAclGrantConfiguration] -> Maybe Text -> Maybe S3PublicAccessBlockConfiguration -> S3BucketConfiguration

-- | Create a value of <a>S3BucketConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:accessPoints:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_accessPoints</a> - The configuration of
--   Amazon S3 access points or multi-region access points for the bucket.
--   You can propose up to 10 new access points per bucket.
--   
--   <a>$sel:bucketAclGrants:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketAclGrants</a> - The proposed list of
--   ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL
--   grants per bucket. If the proposed grant configuration is for an
--   existing bucket, the access preview uses the proposed list of grant
--   configurations in place of the existing grants. Otherwise, the access
--   preview uses the existing grants for the bucket.
--   
--   <a>$sel:bucketPolicy:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketPolicy</a> - The proposed bucket policy
--   for the Amazon S3 bucket.
--   
--   <a>$sel:bucketPublicAccessBlock:S3BucketConfiguration'</a>,
--   <a>s3BucketConfiguration_bucketPublicAccessBlock</a> - The proposed
--   block public access configuration for the Amazon S3 bucket.
newS3BucketConfiguration :: S3BucketConfiguration

-- | The <tt>PublicAccessBlock</tt> configuration to apply to this Amazon
--   S3 bucket. If the proposed configuration is for an existing Amazon S3
--   bucket and the configuration is not specified, the access preview uses
--   the existing setting. If the proposed configuration is for a new
--   bucket and the configuration is not specified, the access preview uses
--   <tt>false</tt>. If the proposed configuration is for a new access
--   point or multi-region access point and the access point BPA
--   configuration is not specified, the access preview uses <tt>true</tt>.
--   For more information, see <a>PublicAccessBlockConfiguration</a>.
--   
--   <i>See:</i> <a>newS3PublicAccessBlockConfiguration</a> smart
--   constructor.
data S3PublicAccessBlockConfiguration
S3PublicAccessBlockConfiguration' :: Bool -> Bool -> S3PublicAccessBlockConfiguration

-- | Create a value of <a>S3PublicAccessBlockConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:ignorePublicAcls:S3PublicAccessBlockConfiguration'</a>,
--   <a>s3PublicAccessBlockConfiguration_ignorePublicAcls</a> - Specifies
--   whether Amazon S3 should ignore public ACLs for this bucket and
--   objects in this bucket.
--   
--   <a>$sel:restrictPublicBuckets:S3PublicAccessBlockConfiguration'</a>,
--   <a>s3PublicAccessBlockConfiguration_restrictPublicBuckets</a> -
--   Specifies whether Amazon S3 should restrict public bucket policies for
--   this bucket.
newS3PublicAccessBlockConfiguration :: Bool -> Bool -> S3PublicAccessBlockConfiguration

-- | The configuration for a Secrets Manager secret. For more information,
--   see <a>CreateSecret</a>.
--   
--   You can propose a configuration for a new secret or an existing secret
--   that you own by specifying the secret policy and optional KMS
--   encryption key. If the configuration is for an existing secret and you
--   do not specify the secret policy, the access preview uses the existing
--   policy for the secret. If the access preview is for a new resource and
--   you do not specify the policy, the access preview assumes a secret
--   without a policy. To propose deletion of an existing policy, you can
--   specify an empty string. If the proposed configuration is for a new
--   secret and you do not specify the KMS key ID, the access preview uses
--   the Amazon Web Services managed key <tt>aws/secretsmanager</tt>. If
--   you specify an empty string for the KMS key ID, the access preview
--   uses the Amazon Web Services managed key of the Amazon Web Services
--   account. For more information about secret policy limits, see
--   <a>Quotas for Secrets Manager.</a>.
--   
--   <i>See:</i> <a>newSecretsManagerSecretConfiguration</a> smart
--   constructor.
data SecretsManagerSecretConfiguration
SecretsManagerSecretConfiguration' :: Maybe Text -> Maybe Text -> SecretsManagerSecretConfiguration

-- | Create a value of <a>SecretsManagerSecretConfiguration</a> with all
--   optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:kmsKeyId:SecretsManagerSecretConfiguration'</a>,
--   <a>secretsManagerSecretConfiguration_kmsKeyId</a> - The proposed ARN,
--   key ID, or alias of the KMS key.
--   
--   <a>$sel:secretPolicy:SecretsManagerSecretConfiguration'</a>,
--   <a>secretsManagerSecretConfiguration_secretPolicy</a> - The proposed
--   resource policy defining who can access or manage the secret.
newSecretsManagerSecretConfiguration :: SecretsManagerSecretConfiguration

-- | The proposed access control configuration for an Amazon SNS topic. You
--   can propose a configuration for a new Amazon SNS topic or an existing
--   Amazon SNS topic that you own by specifying the policy. If the
--   configuration is for an existing Amazon SNS topic and you do not
--   specify the Amazon SNS policy, then the access preview uses the
--   existing Amazon SNS policy for the topic. If the access preview is for
--   a new resource and you do not specify the policy, then the access
--   preview assumes an Amazon SNS topic without a policy. To propose
--   deletion of an existing Amazon SNS topic policy, you can specify an
--   empty string for the Amazon SNS policy. For more information, see
--   <a>Topic</a>.
--   
--   <i>See:</i> <a>newSnsTopicConfiguration</a> smart constructor.
data SnsTopicConfiguration
SnsTopicConfiguration' :: Maybe Text -> SnsTopicConfiguration

-- | Create a value of <a>SnsTopicConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:topicPolicy:SnsTopicConfiguration'</a>,
--   <a>snsTopicConfiguration_topicPolicy</a> - The JSON policy text that
--   defines who can access an Amazon SNS topic. For more information, see
--   <a>Example cases for Amazon SNS access control</a> in the <i>Amazon
--   SNS Developer Guide</i>.
newSnsTopicConfiguration :: SnsTopicConfiguration

-- | The criteria used to sort.
--   
--   <i>See:</i> <a>newSortCriteria</a> smart constructor.
data SortCriteria
SortCriteria' :: Maybe Text -> Maybe OrderBy -> SortCriteria

-- | Create a value of <a>SortCriteria</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:attributeName:SortCriteria'</a>,
--   <a>sortCriteria_attributeName</a> - The name of the attribute to sort
--   on.
--   
--   <a>$sel:orderBy:SortCriteria'</a>, <a>sortCriteria_orderBy</a> - The
--   sort order, ascending or descending.
newSortCriteria :: SortCriteria

-- | A span in a policy. The span consists of a start position (inclusive)
--   and end position (exclusive).
--   
--   <i>See:</i> <a>newSpan</a> smart constructor.
data Span
Span' :: Position -> Position -> Span

-- | Create a value of <a>Span</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:start:Span'</a>, <a>span_start</a> - The start position of the
--   span (inclusive).
--   
--   <a>$sel:end:Span'</a>, <a>span_end</a> - The end position of the span
--   (exclusive).
newSpan :: Position -> Position -> Span

-- | The proposed access control configuration for an Amazon SQS queue. You
--   can propose a configuration for a new Amazon SQS queue or an existing
--   Amazon SQS queue that you own by specifying the Amazon SQS policy. If
--   the configuration is for an existing Amazon SQS queue and you do not
--   specify the Amazon SQS policy, the access preview uses the existing
--   Amazon SQS policy for the queue. If the access preview is for a new
--   resource and you do not specify the policy, the access preview assumes
--   an Amazon SQS queue without a policy. To propose deletion of an
--   existing Amazon SQS queue policy, you can specify an empty string for
--   the Amazon SQS policy. For more information about Amazon SQS policy
--   limits, see <a>Quotas related to policies</a>.
--   
--   <i>See:</i> <a>newSqsQueueConfiguration</a> smart constructor.
data SqsQueueConfiguration
SqsQueueConfiguration' :: Maybe Text -> SqsQueueConfiguration

-- | Create a value of <a>SqsQueueConfiguration</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:queuePolicy:SqsQueueConfiguration'</a>,
--   <a>sqsQueueConfiguration_queuePolicy</a> - The proposed resource
--   policy for the Amazon SQS queue.
newSqsQueueConfiguration :: SqsQueueConfiguration

-- | Provides more details about the current status of the analyzer. For
--   example, if the creation for the analyzer fails, a <tt>Failed</tt>
--   status is returned. For an analyzer with organization as the type,
--   this failure can be due to an issue with creating the service-linked
--   roles required in the member accounts of the Amazon Web Services
--   organization.
--   
--   <i>See:</i> <a>newStatusReason</a> smart constructor.
data StatusReason
StatusReason' :: ReasonCode -> StatusReason

-- | Create a value of <a>StatusReason</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:code:StatusReason'</a>, <a>statusReason_code</a> - The reason
--   code for the current status of the analyzer.
newStatusReason :: ReasonCode -> StatusReason

-- | A reference to a substring of a literal string in a JSON document.
--   
--   <i>See:</i> <a>newSubstring</a> smart constructor.
data Substring
Substring' :: Int -> Int -> Substring

-- | Create a value of <a>Substring</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:start:Substring'</a>, <a>substring_start</a> - The start index
--   of the substring, starting from 0.
--   
--   <a>$sel:length:Substring'</a>, <a>substring_length</a> - The length of
--   the substring.
newSubstring :: Int -> Int -> Substring

-- | Contains details about the CloudTrail trail being analyzed to generate
--   a policy.
--   
--   <i>See:</i> <a>newTrail</a> smart constructor.
data Trail
Trail' :: Maybe Bool -> Maybe [Text] -> Text -> Trail

-- | Create a value of <a>Trail</a> with all optional fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:allRegions:Trail'</a>, <a>trail_allRegions</a> - Possible
--   values are <tt>true</tt> or <tt>false</tt>. If set to <tt>true</tt>,
--   IAM Access Analyzer retrieves CloudTrail data from all regions to
--   analyze and generate a policy.
--   
--   <a>$sel:regions:Trail'</a>, <a>trail_regions</a> - A list of regions
--   to get CloudTrail data from and analyze to generate a policy.
--   
--   <a>$sel:cloudTrailArn:Trail'</a>, <a>trail_cloudTrailArn</a> -
--   Specifies the ARN of the trail. The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
newTrail :: Text -> Trail

-- | Contains details about the CloudTrail trail being analyzed to generate
--   a policy.
--   
--   <i>See:</i> <a>newTrailProperties</a> smart constructor.
data TrailProperties
TrailProperties' :: Maybe Bool -> Maybe [Text] -> Text -> TrailProperties

-- | Create a value of <a>TrailProperties</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:allRegions:TrailProperties'</a>,
--   <a>trailProperties_allRegions</a> - Possible values are <tt>true</tt>
--   or <tt>false</tt>. If set to <tt>true</tt>, IAM Access Analyzer
--   retrieves CloudTrail data from all regions to analyze and generate a
--   policy.
--   
--   <a>$sel:regions:TrailProperties'</a>, <a>trailProperties_regions</a> -
--   A list of regions to get CloudTrail data from and analyze to generate
--   a policy.
--   
--   <a>$sel:cloudTrailArn:TrailProperties'</a>,
--   <a>trailProperties_cloudTrailArn</a> - Specifies the ARN of the trail.
--   The format of a trail ARN is
--   <tt>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</tt>.
newTrailProperties :: Text -> TrailProperties

-- | A finding in a policy. Each finding is an actionable recommendation
--   that can be used to improve the policy.
--   
--   <i>See:</i> <a>newValidatePolicyFinding</a> smart constructor.
data ValidatePolicyFinding
ValidatePolicyFinding' :: Text -> ValidatePolicyFindingType -> Text -> Text -> [Location] -> ValidatePolicyFinding

-- | Create a value of <a>ValidatePolicyFinding</a> with all optional
--   fields omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:findingDetails:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_findingDetails</a> - A localized message that
--   explains the finding and provides guidance on how to address it.
--   
--   <a>$sel:findingType:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_findingType</a> - The impact of the finding.
--   
--   Security warnings report when the policy allows access that we
--   consider overly permissive.
--   
--   Errors report when a part of the policy is not functional.
--   
--   Warnings report non-security issues when a policy does not conform to
--   policy writing best practices.
--   
--   Suggestions recommend stylistic improvements in the policy that do not
--   impact access.
--   
--   <a>$sel:issueCode:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_issueCode</a> - The issue code provides an
--   identifier of the issue associated with this finding.
--   
--   <a>$sel:learnMoreLink:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_learnMoreLink</a> - A link to additional
--   documentation about the type of finding.
--   
--   <a>$sel:locations:ValidatePolicyFinding'</a>,
--   <a>validatePolicyFinding_locations</a> - The list of locations in the
--   policy document that are related to the finding. The issue code
--   provides a summary of an issue identified by the finding.
newValidatePolicyFinding :: Text -> ValidatePolicyFindingType -> Text -> Text -> ValidatePolicyFinding

-- | The proposed virtual private cloud (VPC) configuration for the Amazon
--   S3 access point. VPC configuration does not apply to multi-region
--   access points. For more information, see <a>VpcConfiguration</a>.
--   
--   <i>See:</i> <a>newVpcConfiguration</a> smart constructor.
data VpcConfiguration
VpcConfiguration' :: Text -> VpcConfiguration

-- | Create a value of <a>VpcConfiguration</a> with all optional fields
--   omitted.
--   
--   Use <a>generic-lens</a> or <a>optics</a> to modify other optional
--   fields.
--   
--   The following record fields are available, with the corresponding
--   lenses provided for backwards compatibility:
--   
--   <a>$sel:vpcId:VpcConfiguration'</a>, <a>vpcConfiguration_vpcId</a> -
--   If this field is specified, this access point will only allow
--   connections from the specified VPC ID.
newVpcConfiguration :: Text -> VpcConfiguration