MACIE2
AcceptInvitation
valid {
input.Body.administratorAccountId == STRING
input.Body.invitationId == STRING
input.Body.masterAccount == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetCustomDataIdentifiers
valid {
input.Body.ids[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchUpdateAutomatedDiscoveryAccounts
enum_AutomatedDiscoveryAccountStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.accounts[_].accountId == STRING
input.Body.accounts[_].status == enum_AutomatedDiscoveryAccountStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAllowList
valid {
input.Body.clientToken == STRING
input.Body.criteria.regex == STRING
input.Body.criteria.s3WordsList.bucketName == STRING
input.Body.criteria.s3WordsList.objectKey == STRING
input.Body.description == STRING
input.Body.name == STRING
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateClassificationJob
enum_DayOfWeek := [ "SUNDAY", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY" ]
enum_JobComparator := [ "EQ", "GT", "GTE", "LT", "LTE", "NE", "CONTAINS", "STARTS_WITH" ]
enum_JobType := [ "ONE_TIME", "SCHEDULED" ]
enum_ManagedDataIdentifierSelector := [ "ALL", "EXCLUDE", "INCLUDE", "NONE", "RECOMMENDED" ]
enum_ScopeFilterKey := [ "OBJECT_EXTENSION", "OBJECT_LAST_MODIFIED_DATE", "OBJECT_SIZE", "OBJECT_KEY" ]
enum_SimpleCriterionKeyForJob := [ "ACCOUNT_ID", "S3_BUCKET_NAME", "S3_BUCKET_EFFECTIVE_PERMISSION", "S3_BUCKET_SHARED_ACCESS" ]
enum_TagTarget := [ "S3_OBJECT" ]
valid {
input.Body.allowListIds[_] == STRING
input.Body.clientToken == STRING
input.Body.customDataIdentifierIds[_] == STRING
input.Body.description == STRING
input.Body.initialRun == BOOLEAN
input.Body.jobType == enum_JobType[_]
input.Body.managedDataIdentifierIds[_] == STRING
input.Body.managedDataIdentifierSelector == enum_ManagedDataIdentifierSelector[_]
input.Body.name == STRING
input.Body.s3JobDefinition.bucketCriteria.excludes.and[_].simpleCriterion.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.bucketCriteria.excludes.and[_].simpleCriterion.key == enum_SimpleCriterionKeyForJob[_]
input.Body.s3JobDefinition.bucketCriteria.excludes.and[_].simpleCriterion.values[_] == STRING
input.Body.s3JobDefinition.bucketCriteria.excludes.and[_].tagCriterion.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.bucketCriteria.excludes.and[_].tagCriterion.tagValues[_].key == STRING
input.Body.s3JobDefinition.bucketCriteria.excludes.and[_].tagCriterion.tagValues[_].value == STRING
input.Body.s3JobDefinition.bucketCriteria.includes.and[_].simpleCriterion.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.bucketCriteria.includes.and[_].simpleCriterion.key == enum_SimpleCriterionKeyForJob[_]
input.Body.s3JobDefinition.bucketCriteria.includes.and[_].simpleCriterion.values[_] == STRING
input.Body.s3JobDefinition.bucketCriteria.includes.and[_].tagCriterion.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.bucketCriteria.includes.and[_].tagCriterion.tagValues[_].key == STRING
input.Body.s3JobDefinition.bucketCriteria.includes.and[_].tagCriterion.tagValues[_].value == STRING
input.Body.s3JobDefinition.bucketDefinitions[_].accountId == STRING
input.Body.s3JobDefinition.bucketDefinitions[_].buckets[_] == STRING
input.Body.s3JobDefinition.scoping.excludes.and[_].simpleScopeTerm.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.scoping.excludes.and[_].simpleScopeTerm.key == enum_ScopeFilterKey[_]
input.Body.s3JobDefinition.scoping.excludes.and[_].simpleScopeTerm.values[_] == STRING
input.Body.s3JobDefinition.scoping.excludes.and[_].tagScopeTerm.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.scoping.excludes.and[_].tagScopeTerm.key == STRING
input.Body.s3JobDefinition.scoping.excludes.and[_].tagScopeTerm.tagValues[_].key == STRING
input.Body.s3JobDefinition.scoping.excludes.and[_].tagScopeTerm.tagValues[_].value == STRING
input.Body.s3JobDefinition.scoping.excludes.and[_].tagScopeTerm.target == enum_TagTarget[_]
input.Body.s3JobDefinition.scoping.includes.and[_].simpleScopeTerm.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.scoping.includes.and[_].simpleScopeTerm.key == enum_ScopeFilterKey[_]
input.Body.s3JobDefinition.scoping.includes.and[_].simpleScopeTerm.values[_] == STRING
input.Body.s3JobDefinition.scoping.includes.and[_].tagScopeTerm.comparator == enum_JobComparator[_]
input.Body.s3JobDefinition.scoping.includes.and[_].tagScopeTerm.key == STRING
input.Body.s3JobDefinition.scoping.includes.and[_].tagScopeTerm.tagValues[_].key == STRING
input.Body.s3JobDefinition.scoping.includes.and[_].tagScopeTerm.tagValues[_].value == STRING
input.Body.s3JobDefinition.scoping.includes.and[_].tagScopeTerm.target == enum_TagTarget[_]
input.Body.samplingPercentage == INTEGER
input.Body.scheduleFrequency.dailySchedule == {}
input.Body.scheduleFrequency.monthlySchedule.dayOfMonth == INTEGER
input.Body.scheduleFrequency.weeklySchedule.dayOfWeek == enum_DayOfWeek[_]
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateCustomDataIdentifier
enum_DataIdentifierSeverity := [ "LOW", "MEDIUM", "HIGH" ]
valid {
input.Body.clientToken == STRING
input.Body.description == STRING
input.Body.ignoreWords[_] == STRING
input.Body.keywords[_] == STRING
input.Body.maximumMatchDistance == INTEGER
input.Body.name == STRING
input.Body.regex == STRING
input.Body.severityLevels[_].occurrencesThreshold == LONG
input.Body.severityLevels[_].severity == enum_DataIdentifierSeverity[_]
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFindingsFilter
enum_FindingsFilterAction := [ "ARCHIVE", "NOOP" ]
valid {
input.Body.action == enum_FindingsFilterAction[_]
input.Body.clientToken == STRING
input.Body.description == STRING
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.eqExactMatch[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == LONG
input.Body.findingCriteria.criterion.STRING.gte == LONG
input.Body.findingCriteria.criterion.STRING.lt == LONG
input.Body.findingCriteria.criterion.STRING.lte == LONG
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.name == STRING
input.Body.position == INTEGER
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateInvitations
valid {
input.Body.accountIds[_] == STRING
input.Body.disableEmailNotification == BOOLEAN
input.Body.message == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateMember
valid {
input.Body.account.accountId == STRING
input.Body.account.email == STRING
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateSampleFindings
enum_FindingType := [ "SensitiveData:S3Object/Multiple", "SensitiveData:S3Object/Financial", "SensitiveData:S3Object/Personal", "SensitiveData:S3Object/Credentials", "SensitiveData:S3Object/CustomIdentifier", "Policy:IAMUser/S3BucketPublic", "Policy:IAMUser/S3BucketSharedExternally", "Policy:IAMUser/S3BucketReplicatedExternally", "Policy:IAMUser/S3BucketEncryptionDisabled", "Policy:IAMUser/S3BlockPublicAccessDisabled", "Policy:IAMUser/S3BucketSharedWithCloudFront" ]
valid {
input.Body.findingTypes[_] == enum_FindingType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeclineInvitations
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAllowList
valid {
input.ReqMap.id == STRING
input.Qs.ignoreJobChecks == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteCustomDataIdentifier
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFindingsFilter
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteInvitations
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteMember
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeBuckets
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.criteria.STRING.eq[_] == STRING
input.Body.criteria.STRING.gt == LONG
input.Body.criteria.STRING.gte == LONG
input.Body.criteria.STRING.lt == LONG
input.Body.criteria.STRING.lte == LONG
input.Body.criteria.STRING.neq[_] == STRING
input.Body.criteria.STRING.prefix == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeClassificationJob
valid {
input.ReqMap.jobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeOrganizationConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableMacie
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableOrganizationAdminAccount
valid {
input.Qs.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateFromAdministratorAccount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateFromMasterAccount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateMember
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableMacie
enum_FindingPublishingFrequency := [ "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS" ]
enum_MacieStatus := [ "PAUSED", "ENABLED" ]
valid {
input.Body.clientToken == STRING
input.Body.findingPublishingFrequency == enum_FindingPublishingFrequency[_]
input.Body.status == enum_MacieStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableOrganizationAdminAccount
valid {
input.Body.adminAccountId == STRING
input.Body.clientToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAdministratorAccount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAllowList
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAutomatedDiscoveryConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetBucketStatistics
valid {
input.Body.accountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetClassificationExportConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetClassificationScope
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCustomDataIdentifier
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFindingStatistics
enum_FindingStatisticsSortAttributeName := [ "groupKey", "count" ]
enum_GroupBy := [ "resourcesAffected.s3Bucket.name", "type", "classificationDetails.jobId", "severity.description" ]
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.eqExactMatch[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == LONG
input.Body.findingCriteria.criterion.STRING.gte == LONG
input.Body.findingCriteria.criterion.STRING.lt == LONG
input.Body.findingCriteria.criterion.STRING.lte == LONG
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.groupBy == enum_GroupBy[_]
input.Body.size == INTEGER
input.Body.sortCriteria.attributeName == enum_FindingStatisticsSortAttributeName[_]
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFindings
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingIds[_] == STRING
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFindingsFilter
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFindingsPublicationConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetInvitationsCount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMacieSession
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMasterAccount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMember
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetResourceProfile
valid {
input.Qs.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRevealConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSensitiveDataOccurrences
valid {
input.ReqMap.findingId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSensitiveDataOccurrencesAvailability
valid {
input.ReqMap.findingId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSensitivityInspectionTemplate
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUsageStatistics
enum_OrderBy := [ "ASC", "DESC" ]
enum_TimeRange := [ "MONTH_TO_DATE", "PAST_30_DAYS" ]
enum_UsageStatisticsFilterComparator := [ "GT", "GTE", "LT", "LTE", "EQ", "NE", "CONTAINS" ]
enum_UsageStatisticsFilterKey := [ "accountId", "serviceLimit", "freeTrialStartDate", "total" ]
enum_UsageStatisticsSortKey := [ "accountId", "total", "serviceLimitValue", "freeTrialStartDate" ]
valid {
input.Body.filterBy[_].comparator == enum_UsageStatisticsFilterComparator[_]
input.Body.filterBy[_].key == enum_UsageStatisticsFilterKey[_]
input.Body.filterBy[_].values[_] == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortBy.key == enum_UsageStatisticsSortKey[_]
input.Body.sortBy.orderBy == enum_OrderBy[_]
input.Body.timeRange == enum_TimeRange[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUsageTotals
valid {
input.Qs.timeRange == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAllowLists
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAutomatedDiscoveryAccounts
valid {
input.Qs.accountIds[_] == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListClassificationJobs
enum_JobComparator := [ "EQ", "GT", "GTE", "LT", "LTE", "NE", "CONTAINS", "STARTS_WITH" ]
enum_ListJobsFilterKey := [ "jobType", "jobStatus", "createdAt", "name" ]
enum_ListJobsSortAttributeName := [ "createdAt", "jobStatus", "name", "jobType" ]
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.filterCriteria.excludes[_].comparator == enum_JobComparator[_]
input.Body.filterCriteria.excludes[_].key == enum_ListJobsFilterKey[_]
input.Body.filterCriteria.excludes[_].values[_] == STRING
input.Body.filterCriteria.includes[_].comparator == enum_JobComparator[_]
input.Body.filterCriteria.includes[_].key == enum_ListJobsFilterKey[_]
input.Body.filterCriteria.includes[_].values[_] == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortCriteria.attributeName == enum_ListJobsSortAttributeName[_]
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListClassificationScopes
valid {
input.Qs.name == STRING
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCustomDataIdentifiers
valid {
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFindings
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.eqExactMatch[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == LONG
input.Body.findingCriteria.criterion.STRING.gte == LONG
input.Body.findingCriteria.criterion.STRING.lt == LONG
input.Body.findingCriteria.criterion.STRING.lte == LONG
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFindingsFilters
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListInvitations
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListManagedDataIdentifiers
valid {
input.Body.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListMembers
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.Qs.onlyAssociated == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListOrganizationAdminAccounts
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListResourceProfileArtifacts
valid {
input.Qs.nextToken == STRING
input.Qs.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListResourceProfileDetections
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.Qs.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSensitivityInspectionTemplates
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutClassificationExportConfiguration
valid {
input.Body.configuration.s3Destination.bucketName == STRING
input.Body.configuration.s3Destination.keyPrefix == STRING
input.Body.configuration.s3Destination.kmsKeyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutFindingsPublicationConfiguration
valid {
input.Body.clientToken == STRING
input.Body.securityHubConfiguration.publishClassificationFindings == BOOLEAN
input.Body.securityHubConfiguration.publishPolicyFindings == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SearchResources
enum_OrderBy := [ "ASC", "DESC" ]
enum_SearchResourcesComparator := [ "EQ", "NE" ]
enum_SearchResourcesSimpleCriterionKey := [ "ACCOUNT_ID", "S3_BUCKET_NAME", "S3_BUCKET_EFFECTIVE_PERMISSION", "S3_BUCKET_SHARED_ACCESS", "AUTOMATED_DISCOVERY_MONITORING_STATUS" ]
enum_SearchResourcesSortAttributeName := [ "ACCOUNT_ID", "RESOURCE_NAME", "S3_CLASSIFIABLE_OBJECT_COUNT", "S3_CLASSIFIABLE_SIZE_IN_BYTES" ]
valid {
input.Body.bucketCriteria.excludes.and[_].simpleCriterion.comparator == enum_SearchResourcesComparator[_]
input.Body.bucketCriteria.excludes.and[_].simpleCriterion.key == enum_SearchResourcesSimpleCriterionKey[_]
input.Body.bucketCriteria.excludes.and[_].simpleCriterion.values[_] == STRING
input.Body.bucketCriteria.excludes.and[_].tagCriterion.comparator == enum_SearchResourcesComparator[_]
input.Body.bucketCriteria.excludes.and[_].tagCriterion.tagValues[_].key == STRING
input.Body.bucketCriteria.excludes.and[_].tagCriterion.tagValues[_].value == STRING
input.Body.bucketCriteria.includes.and[_].simpleCriterion.comparator == enum_SearchResourcesComparator[_]
input.Body.bucketCriteria.includes.and[_].simpleCriterion.key == enum_SearchResourcesSimpleCriterionKey[_]
input.Body.bucketCriteria.includes.and[_].simpleCriterion.values[_] == STRING
input.Body.bucketCriteria.includes.and[_].tagCriterion.comparator == enum_SearchResourcesComparator[_]
input.Body.bucketCriteria.includes.and[_].tagCriterion.tagValues[_].key == STRING
input.Body.bucketCriteria.includes.and[_].tagCriterion.tagValues[_].value == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.sortCriteria.attributeName == enum_SearchResourcesSortAttributeName[_]
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TestCustomDataIdentifier
valid {
input.Body.ignoreWords[_] == STRING
input.Body.keywords[_] == STRING
input.Body.maximumMatchDistance == INTEGER
input.Body.regex == STRING
input.Body.sampleText == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.ReqMap.resourceArn == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAllowList
valid {
input.Body.criteria.regex == STRING
input.Body.criteria.s3WordsList.bucketName == STRING
input.Body.criteria.s3WordsList.objectKey == STRING
input.Body.description == STRING
input.Body.name == STRING
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAutomatedDiscoveryConfiguration
enum_AutoEnableMode := [ "ALL", "NEW", "NONE" ]
enum_AutomatedDiscoveryStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.autoEnableOrganizationMembers == enum_AutoEnableMode[_]
input.Body.status == enum_AutomatedDiscoveryStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateClassificationJob
enum_JobStatus := [ "RUNNING", "PAUSED", "CANCELLED", "COMPLETE", "IDLE", "USER_PAUSED" ]
valid {
input.Body.jobStatus == enum_JobStatus[_]
input.ReqMap.jobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateClassificationScope
enum_ClassificationScopeUpdateOperation := [ "ADD", "REPLACE", "REMOVE" ]
valid {
input.Body.s3.excludes.bucketNames[_] == STRING
input.Body.s3.excludes.operation == enum_ClassificationScopeUpdateOperation[_]
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFindingsFilter
enum_FindingsFilterAction := [ "ARCHIVE", "NOOP" ]
valid {
input.Body.action == enum_FindingsFilterAction[_]
input.Body.clientToken == STRING
input.Body.description == STRING
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.eqExactMatch[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == LONG
input.Body.findingCriteria.criterion.STRING.gte == LONG
input.Body.findingCriteria.criterion.STRING.lt == LONG
input.Body.findingCriteria.criterion.STRING.lte == LONG
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.name == STRING
input.Body.position == INTEGER
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateMacieSession
enum_FindingPublishingFrequency := [ "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS" ]
enum_MacieStatus := [ "PAUSED", "ENABLED" ]
valid {
input.Body.findingPublishingFrequency == enum_FindingPublishingFrequency[_]
input.Body.status == enum_MacieStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateMemberSession
enum_MacieStatus := [ "PAUSED", "ENABLED" ]
valid {
input.Body.status == enum_MacieStatus[_]
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateOrganizationConfiguration
valid {
input.Body.autoEnable == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateResourceProfile
valid {
input.Body.sensitivityScoreOverride == INTEGER
input.Qs.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateResourceProfileDetections
enum_DataIdentifierType := [ "CUSTOM", "MANAGED" ]
valid {
input.Body.suppressDataIdentifiers[_].id == STRING
input.Body.suppressDataIdentifiers[_].type == enum_DataIdentifierType[_]
input.Qs.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateRevealConfiguration
enum_RetrievalMode := [ "CALLER_CREDENTIALS", "ASSUME_ROLE" ]
enum_RevealStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.configuration.kmsKeyId == STRING
input.Body.configuration.status == enum_RevealStatus[_]
input.Body.retrievalConfiguration.retrievalMode == enum_RetrievalMode[_]
input.Body.retrievalConfiguration.roleName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSensitivityInspectionTemplate
valid {
input.Body.description == STRING
input.Body.excludes.managedDataIdentifierIds[_] == STRING
input.Body.includes.allowListIds[_] == STRING
input.Body.includes.customDataIdentifierIds[_] == STRING
input.Body.includes.managedDataIdentifierIds[_] == STRING
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 5 days ago