// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	smithydocument "github.com/aws/smithy-go/document"
	"time"
)

// Provides information about the permissions settings of the bucket-level access
// control list (ACL) for an S3 bucket.
type AccessControlList struct {

	// Specifies whether the ACL grants the general public with read access
	// permissions for the bucket.
	AllowsPublicReadAccess *bool

	// Specifies whether the ACL grants the general public with write access
	// permissions for the bucket.
	AllowsPublicWriteAccess *bool

	noSmithyDocumentSerde
}

// Specifies the details of an account to associate with an Amazon Macie
// administrator account.
type AccountDetail struct {

	// The Amazon Web Services account ID for the account.
	//
	// This member is required.
	AccountId *string

	// The email address for the account.
	//
	// This member is required.
	Email *string

	noSmithyDocumentSerde
}

// Provides information about the account-level permissions settings that apply to
// an S3 bucket.
type AccountLevelPermissions struct {

	// The block public access settings for the Amazon Web Services account that owns
	// the bucket.
	BlockPublicAccess *BlockPublicAccess

	noSmithyDocumentSerde
}

// Provides information about the delegated Amazon Macie administrator account for
// an organization in Organizations.
type AdminAccount struct {

	// The Amazon Web Services account ID for the account.
	AccountId *string

	// The current status of the account as the delegated Amazon Macie administrator
	// account for the organization.
	Status AdminStatus

	noSmithyDocumentSerde
}

// Specifies the criteria for an allow list. The criteria must specify a regular
// expression (regex) or an S3 object (s3WordsList). It can't specify both.
type AllowListCriteria struct {

	// The regular expression (regex) that defines the text pattern to ignore. The
	// expression can contain as many as 512 characters.
	Regex *string

	// The location and name of the S3 object that lists specific text to ignore.
	S3WordsList *S3WordsList

	noSmithyDocumentSerde
}

// Provides information about the current status of an allow list, which indicates
// whether Amazon Macie can access and use the list's criteria.
type AllowListStatus struct {

	// The current status of the allow list. If the list's criteria specify a regular
	// expression (regex), this value is typically OK. Amazon Macie can compile the
	// expression. If the list's criteria specify an S3 object, possible values are:
	//   - OK - Macie can retrieve and parse the contents of the object.
	//   - S3_OBJECT_ACCESS_DENIED - Macie isn't allowed to access the object or the
	//   object is encrypted with a customer managed KMS key that Macie isn't allowed to
	//   use. Check the bucket policy and other permissions settings for the bucket and
	//   the object. If the object is encrypted, also ensure that it's encrypted with a
	//   key that Macie is allowed to use.
	//   - S3_OBJECT_EMPTY - Macie can retrieve the object but the object doesn't
	//   contain any content. Ensure that the object contains the correct entries. Also
	//   ensure that the list's criteria specify the correct bucket and object names.
	//   - S3_OBJECT_NOT_FOUND - The object doesn't exist in Amazon S3. Ensure that
	//   the list's criteria specify the correct bucket and object names.
	//   - S3_OBJECT_OVERSIZE - Macie can retrieve the object. However, the object
	//   contains too many entries or its storage size exceeds the quota for an allow
	//   list. Try breaking the list into multiple files and ensure that each file
	//   doesn't exceed any quotas. Then configure list settings in Macie for each file.
	//   - S3_THROTTLED - Amazon S3 throttled the request to retrieve the object. Wait
	//   a few minutes and then try again.
	//   - S3_USER_ACCESS_DENIED - Amazon S3 denied the request to retrieve the
	//   object. If the specified object exists, you're not allowed to access it or it's
	//   encrypted with an KMS key that you're not allowed to use. Work with your Amazon
	//   Web Services administrator to ensure that the list's criteria specify the
	//   correct bucket and object names, and you have read access to the bucket and the
	//   object. If the object is encrypted, also ensure that it's encrypted with a key
	//   that you're allowed to use.
	//   - UNKNOWN_ERROR - A transient or internal error occurred when Macie attempted
	//   to retrieve or parse the object. Wait a few minutes and then try again. A list
	//   can also have this status if it's encrypted with a key that Amazon S3 and Macie
	//   can't access or use.
	//
	// This member is required.
	Code AllowListStatusCode

	// A brief description of the status of the allow list. Amazon Macie uses this
	// value to provide additional information about an error that occurred when Macie
	// tried to access and use the list's criteria.
	Description *string

	noSmithyDocumentSerde
}

// Provides a subset of information about an allow list.
type AllowListSummary struct {

	// The Amazon Resource Name (ARN) of the allow list.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the allow list was
	// created in Amazon Macie.
	CreatedAt *time.Time

	// The custom description of the allow list.
	Description *string

	// The unique identifier for the allow list.
	Id *string

	// The custom name of the allow list.
	Name *string

	// The date and time, in UTC and extended ISO 8601 format, when the allow list's
	// settings were most recently changed in Amazon Macie.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Provides information about an API operation that an entity invoked for an
// affected resource.
type ApiCallDetails struct {

	// The name of the operation that was invoked most recently and produced the
	// finding.
	Api *string

	// The URL of the Amazon Web Service that provides the operation, for example:
	// s3.amazonaws.com.
	ApiServiceName *string

	// The first date and time, in UTC and extended ISO 8601 format, when any
	// operation was invoked and produced the finding.
	FirstSeen *time.Time

	// The most recent date and time, in UTC and extended ISO 8601 format, when the
	// specified operation (api) was invoked and produced the finding.
	LastSeen *time.Time

	noSmithyDocumentSerde
}

// Provides information about an identity that performed an action on an affected
// resource by using temporary security credentials. The credentials were obtained
// using the AssumeRole operation of the Security Token Service (STS) API.
type AssumedRole struct {

	// The Amazon Web Services access key ID that identifies the credentials.
	AccessKeyId *string

	// The unique identifier for the Amazon Web Services account that owns the entity
	// that was used to get the credentials.
	AccountId *string

	// The Amazon Resource Name (ARN) of the entity that was used to get the
	// credentials.
	Arn *string

	// The unique identifier for the entity that was used to get the credentials.
	PrincipalId *string

	// The details of the session that was created for the credentials, including the
	// entity that issued the session.
	SessionContext *SessionContext

	noSmithyDocumentSerde
}

// Provides information about an Amazon Web Services account and entity that
// performed an action on an affected resource. The action was performed using the
// credentials for an Amazon Web Services account other than your own account.
type AwsAccount struct {

	// The unique identifier for the Amazon Web Services account.
	AccountId *string

	// The unique identifier for the entity that performed the action.
	PrincipalId *string

	noSmithyDocumentSerde
}

// Provides information about an Amazon Web Service that performed an action on an
// affected resource.
type AwsService struct {

	// The name of the Amazon Web Service that performed the action.
	InvokedBy *string

	noSmithyDocumentSerde
}

// Provides information about a custom data identifier.
type BatchGetCustomDataIdentifierSummary struct {

	// The Amazon Resource Name (ARN) of the custom data identifier.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the custom data
	// identifier was created.
	CreatedAt *time.Time

	// Specifies whether the custom data identifier was deleted. If you delete a
	// custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it
	// soft deletes the identifier.
	Deleted *bool

	// The custom description of the custom data identifier.
	Description *string

	// The unique identifier for the custom data identifier.
	Id *string

	// The custom name of the custom data identifier.
	Name *string

	noSmithyDocumentSerde
}

// Provides information about the block public access settings for an S3 bucket.
// These settings can apply to a bucket at the account or bucket level. For
// detailed information about each setting, see Blocking public access to your
// Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html)
// in the Amazon Simple Storage Service User Guide.
type BlockPublicAccess struct {

	// Specifies whether Amazon S3 blocks public access control lists (ACLs) for the
	// bucket and objects in the bucket.
	BlockPublicAcls *bool

	// Specifies whether Amazon S3 blocks public bucket policies for the bucket.
	BlockPublicPolicy *bool

	// Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in
	// the bucket.
	IgnorePublicAcls *bool

	// Specifies whether Amazon S3 restricts public bucket policies for the bucket.
	RestrictPublicBuckets *bool

	noSmithyDocumentSerde
}

// Provides information about the number of S3 buckets that are publicly
// accessible due to a combination of permissions settings for each bucket.
type BucketCountByEffectivePermission struct {

	// The total number of buckets that allow the general public to have read or write
	// access to the bucket.
	PubliclyAccessible *int64

	// The total number of buckets that allow the general public to have read access
	// to the bucket.
	PubliclyReadable *int64

	// The total number of buckets that allow the general public to have write access
	// to the bucket.
	PubliclyWritable *int64

	// The total number of buckets that Amazon Macie wasn't able to evaluate
	// permissions settings for. Macie can't determine whether these buckets are
	// publicly accessible.
	Unknown *int64

	noSmithyDocumentSerde
}

// Provides information about the number of S3 buckets whose settings do or don't
// specify default server-side encryption behavior for objects that are added to
// the buckets. For detailed information about these settings, see Setting default
// server-side encryption behavior for Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html)
// in the Amazon Simple Storage Service User Guide.
type BucketCountByEncryptionType struct {

	// The total number of buckets whose default encryption settings are configured to
	// encrypt new objects with an Amazon Web Services managed KMS key or a customer
	// managed KMS key. By default, these buckets encrypt new objects automatically
	// using SSE-KMS encryption.
	KmsManaged *int64

	// The total number of buckets whose default encryption settings are configured to
	// encrypt new objects with an Amazon S3 managed key. By default, these buckets
	// encrypt new objects automatically using SSE-S3 encryption.
	S3Managed *int64

	// The total number of buckets that don't specify default server-side encryption
	// behavior for new objects. Default encryption settings aren't configured for
	// these buckets.
	Unencrypted *int64

	// The total number of buckets that Amazon Macie doesn't have current encryption
	// metadata for. Macie can't provide current data about the default encryption
	// settings for these buckets.
	Unknown *int64

	noSmithyDocumentSerde
}

// Provides information about the number of S3 buckets that are or aren't shared
// with other Amazon Web Services accounts, Amazon CloudFront origin access
// identities (OAIs), or CloudFront origin access controls (OACs). In this data, an
// Amazon Macie organization is defined as a set of Macie accounts that are
// centrally managed as a group of related accounts through Organizations or by
// Macie invitation.
type BucketCountBySharedAccessType struct {

	// The total number of buckets that are shared with one or more of the following
	// or any combination of the following: an Amazon CloudFront OAI, a CloudFront OAC,
	// or an Amazon Web Services account that isn't in the same Amazon Macie
	// organization.
	External *int64

	// The total number of buckets that are shared with one or more Amazon Web
	// Services accounts in the same Amazon Macie organization. These buckets aren't
	// shared with Amazon CloudFront OAIs or OACs.
	Internal *int64

	// The total number of buckets that aren't shared with other Amazon Web Services
	// accounts, Amazon CloudFront OAIs, or CloudFront OACs.
	NotShared *int64

	// The total number of buckets that Amazon Macie wasn't able to evaluate shared
	// access settings for. Macie can't determine whether these buckets are shared with
	// other Amazon Web Services accounts, Amazon CloudFront OAIs, or CloudFront OACs.
	Unknown *int64

	noSmithyDocumentSerde
}

// Provides information about the number of S3 buckets whose bucket policies do or
// don't require server-side encryption of objects when objects are added to the
// buckets.
type BucketCountPolicyAllowsUnencryptedObjectUploads struct {

	// The total number of buckets that don't have a bucket policy or have a bucket
	// policy that doesn't require server-side encryption of new objects. If a bucket
	// policy exists, the policy doesn't require PutObject requests to include a valid
	// server-side encryption header: the x-amz-server-side-encryption header with a
	// value of AES256 or aws:kms, or the
	// x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
	AllowsUnencryptedObjectUploads *int64

	// The total number of buckets whose bucket policies require server-side
	// encryption of new objects. PutObject requests for these buckets must include a
	// valid server-side encryption header: the x-amz-server-side-encryption header
	// with a value of AES256 or aws:kms, or the
	// x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
	DeniesUnencryptedObjectUploads *int64

	// The total number of buckets that Amazon Macie wasn't able to evaluate
	// server-side encryption requirements for. Macie can't determine whether the
	// bucket policies for these buckets require server-side encryption of new objects.
	Unknown *int64

	noSmithyDocumentSerde
}

// Specifies the operator to use in a property-based condition that filters the
// results of a query for information about S3 buckets.
type BucketCriteriaAdditionalProperties struct {

	// The value for the property matches (equals) the specified value. If you specify
	// multiple values, Amazon Macie uses OR logic to join the values.
	Eq []string

	// The value for the property is greater than the specified value.
	Gt *int64

	// The value for the property is greater than or equal to the specified value.
	Gte *int64

	// The value for the property is less than the specified value.
	Lt *int64

	// The value for the property is less than or equal to the specified value.
	Lte *int64

	// The value for the property doesn't match (doesn't equal) the specified value.
	// If you specify multiple values, Amazon Macie uses OR logic to join the values.
	Neq []string

	// The name of the bucket begins with the specified value.
	Prefix *string

	noSmithyDocumentSerde
}

// Provides information about the bucket-level permissions settings for an S3
// bucket.
type BucketLevelPermissions struct {

	// The permissions settings of the access control list (ACL) for the bucket. This
	// value is null if an ACL hasn't been defined for the bucket.
	AccessControlList *AccessControlList

	// The block public access settings for the bucket.
	BlockPublicAccess *BlockPublicAccess

	// The permissions settings of the bucket policy for the bucket. This value is
	// null if a bucket policy hasn't been defined for the bucket.
	BucketPolicy *BucketPolicy

	noSmithyDocumentSerde
}

// Provides statistical data and other information about an S3 bucket that Amazon
// Macie monitors and analyzes for your account. By default, object count and
// storage size values include data for object parts that are the result of
// incomplete multipart uploads. For more information, see How Macie monitors
// Amazon S3 data security (https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html)
// in the Amazon Macie User Guide. If an error occurs when Macie attempts to
// retrieve and process metadata from Amazon S3 for the bucket or the bucket's
// objects, the value for the versioning property is false and the value for most
// other properties is null. Key exceptions are accountId, bucketArn,
// bucketCreatedAt, bucketName, lastUpdated, and region. To identify the cause of
// the error, refer to the errorCode and errorMessage values.
type BucketMetadata struct {

	// The unique identifier for the Amazon Web Services account that owns the bucket.
	AccountId *string

	// Specifies whether the bucket policy for the bucket requires server-side
	// encryption of objects when objects are added to the bucket. Possible values are:
	//
	//   - FALSE - The bucket policy requires server-side encryption of new objects.
	//   PutObject requests must include a valid server-side encryption header.
	//   - TRUE - The bucket doesn't have a bucket policy or it has a bucket policy
	//   that doesn't require server-side encryption of new objects. If a bucket policy
	//   exists, it doesn't require PutObject requests to include a valid server-side
	//   encryption header.
	//   - UNKNOWN - Amazon Macie can't determine whether the bucket policy requires
	//   server-side encryption of new objects.
	// Valid server-side encryption headers are: x-amz-server-side-encryption with a
	// value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm
	// with a value of AES256.
	AllowsUnencryptedObjectUploads AllowsUnencryptedObjectUploads

	// The Amazon Resource Name (ARN) of the bucket.
	BucketArn *string

	// The date and time, in UTC and extended ISO 8601 format, when the bucket was
	// created. This value can also indicate when changes such as edits to the bucket's
	// policy were most recently made to the bucket.
	BucketCreatedAt *time.Time

	// The name of the bucket.
	BucketName *string

	// The total number of objects that Amazon Macie can analyze in the bucket. These
	// objects use a supported storage class and have a file name extension for a
	// supported file or storage format.
	ClassifiableObjectCount *int64

	// The total storage size, in bytes, of the objects that Amazon Macie can analyze
	// in the bucket. These objects use a supported storage class and have a file name
	// extension for a supported file or storage format. If versioning is enabled for
	// the bucket, Macie calculates this value based on the size of the latest version
	// of each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	ClassifiableSizeInBytes *int64

	// The error code for an error that prevented Amazon Macie from retrieving and
	// processing information about the bucket and the bucket's objects. If this value
	// is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For
	// example, the bucket has a restrictive bucket policy and Amazon S3 denied the
	// request. If this value is null, Macie was able to retrieve and process the
	// information.
	ErrorCode BucketMetadataErrorCode

	// A brief description of the error (errorCode) that prevented Amazon Macie from
	// retrieving and processing information about the bucket and the bucket's objects.
	// This value is null if Macie was able to retrieve and process the information.
	ErrorMessage *string

	// Specifies whether any one-time or recurring classification jobs are configured
	// to analyze data in the bucket, and, if so, the details of the job that ran most
	// recently.
	JobDetails *JobDetails

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most
	// recently analyzed data in the bucket while performing automated sensitive data
	// discovery for your account. This value is null if automated sensitive data
	// discovery is currently disabled for your account.
	LastAutomatedDiscoveryTime *time.Time

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most
	// recently retrieved bucket or object metadata from Amazon S3 for the bucket.
	LastUpdated *time.Time

	// The total number of objects in the bucket.
	ObjectCount *int64

	// The total number of objects in the bucket, grouped by server-side encryption
	// type. This includes a grouping that reports the total number of objects that
	// aren't encrypted or use client-side encryption.
	ObjectCountByEncryptionType *ObjectCountByEncryptionType

	// Specifies whether the bucket is publicly accessible due to the combination of
	// permissions settings that apply to the bucket, and provides information about
	// those settings.
	PublicAccess *BucketPublicAccess

	// The Amazon Web Services Region that hosts the bucket.
	Region *string

	// Specifies whether the bucket is configured to replicate one or more objects to
	// buckets for other Amazon Web Services accounts and, if so, which accounts.
	ReplicationDetails *ReplicationDetails

	// The sensitivity score for the bucket, ranging from -1 (classification error) to
	// 100 (sensitive). This value is null if automated sensitive data discovery is
	// currently disabled for your account.
	SensitivityScore *int32

	// The default server-side encryption settings for the bucket.
	ServerSideEncryption *BucketServerSideEncryption

	// Specifies whether the bucket is shared with another Amazon Web Services
	// account, an Amazon CloudFront origin access identity (OAI), or a CloudFront
	// origin access control (OAC). Possible values are:
	//   - EXTERNAL - The bucket is shared with one or more of the following or any
	//   combination of the following: a CloudFront OAI, a CloudFront OAC, or an Amazon
	//   Web Services account that isn't part of your Amazon Macie organization.
	//   - INTERNAL - The bucket is shared with one or more Amazon Web Services
	//   accounts that are part of your Amazon Macie organization. It isn't shared with a
	//   CloudFront OAI or OAC.
	//   - NOT_SHARED - The bucket isn't shared with another Amazon Web Services
	//   account, a CloudFront OAI, or a CloudFront OAC.
	//   - UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings
	//   for the bucket.
	// An Amazon Macie organization is a set of Macie accounts that are centrally
	// managed as a group of related accounts through Organizations or by Macie
	// invitation.
	SharedAccess SharedAccess

	// The total storage size, in bytes, of the bucket. If versioning is enabled for
	// the bucket, Amazon Macie calculates this value based on the size of the latest
	// version of each object in the bucket. This value doesn't reflect the storage
	// size of all versions of each object in the bucket.
	SizeInBytes *int64

	// The total storage size, in bytes, of the objects that are compressed (.gz,
	// .gzip, .zip) files in the bucket. If versioning is enabled for the bucket,
	// Amazon Macie calculates this value based on the size of the latest version of
	// each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	SizeInBytesCompressed *int64

	// An array that specifies the tags (keys and values) that are associated with the
	// bucket.
	Tags []KeyValuePair

	// The total number of objects that Amazon Macie can't analyze in the bucket.
	// These objects don't use a supported storage class or don't have a file name
	// extension for a supported file or storage format.
	UnclassifiableObjectCount *ObjectLevelStatistics

	// The total storage size, in bytes, of the objects that Amazon Macie can't
	// analyze in the bucket. These objects don't use a supported storage class or
	// don't have a file name extension for a supported file or storage format.
	UnclassifiableObjectSizeInBytes *ObjectLevelStatistics

	// Specifies whether versioning is enabled for the bucket.
	Versioning *bool

	noSmithyDocumentSerde
}

// Provides information about the account-level and bucket-level permissions
// settings for an S3 bucket.
type BucketPermissionConfiguration struct {

	// The account-level permissions settings that apply to the bucket.
	AccountLevelPermissions *AccountLevelPermissions

	// The bucket-level permissions settings for the bucket.
	BucketLevelPermissions *BucketLevelPermissions

	noSmithyDocumentSerde
}

// Provides information about the permissions settings of the bucket policy for an
// S3 bucket.
type BucketPolicy struct {

	// Specifies whether the bucket policy allows the general public to have read
	// access to the bucket.
	AllowsPublicReadAccess *bool

	// Specifies whether the bucket policy allows the general public to have write
	// access to the bucket.
	AllowsPublicWriteAccess *bool

	noSmithyDocumentSerde
}

// Provides information about the permissions settings that determine whether an
// S3 bucket is publicly accessible.
type BucketPublicAccess struct {

	// Specifies whether the bucket is publicly accessible due to the combination of
	// permissions settings that apply to the bucket. Possible values are:
	//   - NOT_PUBLIC - The bucket isn't publicly accessible.
	//   - PUBLIC - The bucket is publicly accessible.
	//   - UNKNOWN - Amazon Macie can't determine whether the bucket is publicly
	//   accessible.
	EffectivePermission EffectivePermission

	// The account-level and bucket-level permissions settings for the bucket.
	PermissionConfiguration *BucketPermissionConfiguration

	noSmithyDocumentSerde
}

// Provides information about the default server-side encryption settings for an
// S3 bucket. For detailed information about these settings, see Setting default
// server-side encryption behavior for Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html)
// in the Amazon Simple Storage Service User Guide.
type BucketServerSideEncryption struct {

	// The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key
	// that's used by default to encrypt objects that are added to the bucket. This
	// value is null if the bucket is configured to use an Amazon S3 managed key to
	// encrypt new objects.
	KmsMasterKeyId *string

	// The server-side encryption algorithm that's used by default to encrypt objects
	// that are added to the bucket. Possible values are:
	//   - AES256 - New objects are encrypted with an Amazon S3 managed key. They use
	//   SSE-S3 encryption.
	//   - aws:kms - New objects are encrypted with an KMS key (kmsMasterKeyId),
	//   either an Amazon Web Services managed key or a customer managed key. They use
	//   SSE-KMS encryption.
	//   - NONE - The bucket's default encryption settings don't specify server-side
	//   encryption behavior for new objects.
	Type Type

	noSmithyDocumentSerde
}

// Specifies criteria for sorting the results of a query for information about S3
// buckets.
type BucketSortCriteria struct {

	// The name of the bucket property to sort the results by. This value can be one
	// of the following properties that Amazon Macie defines as bucket metadata:
	// accountId, bucketName, classifiableObjectCount, classifiableSizeInBytes,
	// objectCount, sensitivityScore, or sizeInBytes.
	AttributeName *string

	// The sort order to apply to the results, based on the value specified by the
	// attributeName property. Valid values are: ASC, sort the results in ascending
	// order; and, DESC, sort the results in descending order.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Provides aggregated statistical data for sensitive data discovery metrics that
// apply to S3 buckets, grouped by bucket sensitivity score (sensitivityScore). If
// automated sensitive data discovery is currently disabled for your account, the
// value for each metric is 0.
type BucketStatisticsBySensitivity struct {

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of -1.
	ClassificationError *SensitivityAggregations

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of 50.
	NotClassified *SensitivityAggregations

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of 1-49.
	NotSensitive *SensitivityAggregations

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of 51-100.
	Sensitive *SensitivityAggregations

	noSmithyDocumentSerde
}

// Specifies the location of an occurrence of sensitive data in a Microsoft Excel
// workbook, CSV file, or TSV file.
type Cell struct {

	// The location of the cell, as an absolute cell reference, that contains the
	// sensitive data, for example Sheet2!C5 for cell C5 on Sheet2 in a Microsoft Excel
	// workbook. This value is null for CSV and TSV files.
	CellReference *string

	// The column number of the column that contains the sensitive data. For a
	// Microsoft Excel workbook, this value correlates to the alphabetical character(s)
	// for a column identifier, for example: 1 for column A, 2 for column B, and so on.
	Column *int64

	// The name of the column that contains the sensitive data, if available.
	ColumnName *string

	// The row number of the row that contains the sensitive data.
	Row *int64

	noSmithyDocumentSerde
}

// Provides information about a sensitive data finding and the details of the
// finding.
type ClassificationDetails struct {

	// The path to the folder or file in Amazon S3 that contains the corresponding
	// sensitive data discovery result for the finding. If a finding applies to a large
	// archive or compressed file, this value is the path to a folder. Otherwise, this
	// value is the path to a file.
	DetailedResultsLocation *string

	// The Amazon Resource Name (ARN) of the classification job that produced the
	// finding. This value is null if the origin of the finding (originType) is
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY.
	JobArn *string

	// The unique identifier for the classification job that produced the finding.
	// This value is null if the origin of the finding (originType) is
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY.
	JobId *string

	// Specifies how Amazon Macie found the sensitive data that produced the finding.
	// Possible values are: SENSITIVE_DATA_DISCOVERY_JOB, for a classification job;
	// and, AUTOMATED_SENSITIVE_DATA_DISCOVERY, for automated sensitive data discovery.
	OriginType OriginType

	// The status and other details of the finding.
	Result *ClassificationResult

	noSmithyDocumentSerde
}

// Specifies where to store data classification results, and the encryption
// settings to use when storing results in that location. The location must be an
// S3 bucket.
type ClassificationExportConfiguration struct {

	// The S3 bucket to store data classification results in, and the encryption
	// settings to use when storing results in that bucket.
	S3Destination *S3Destination

	noSmithyDocumentSerde
}

// Provides the details of a sensitive data finding, including the types, number
// of occurrences, and locations of the sensitive data that was detected.
type ClassificationResult struct {

	// Specifies whether Amazon Macie detected additional occurrences of sensitive
	// data in the S3 object. A finding includes location data for a maximum of 15
	// occurrences of sensitive data. This value can help you determine whether to
	// investigate additional occurrences of sensitive data in an object. You can do
	// this by referring to the corresponding sensitive data discovery result for the
	// finding (classificationDetails.detailedResultsLocation).
	AdditionalOccurrences *bool

	// The custom data identifiers that detected the sensitive data and the number of
	// occurrences of the data that they detected.
	CustomDataIdentifiers *CustomDataIdentifiers

	// The type of content, as a MIME type, that the finding applies to. For example,
	// application/gzip, for a GNU Gzip compressed archive file, or application/pdf,
	// for an Adobe Portable Document Format file.
	MimeType *string

	// The category, types, and number of occurrences of the sensitive data that
	// produced the finding.
	SensitiveData []SensitiveDataItem

	// The total size, in bytes, of the data that the finding applies to.
	SizeClassified *int64

	// The status of the finding.
	Status *ClassificationResultStatus

	noSmithyDocumentSerde
}

// Provides information about the status of a sensitive data finding.
type ClassificationResultStatus struct {

	// The status of the finding. Possible values are:
	//   - COMPLETE - Amazon Macie successfully completed its analysis of the S3
	//   object that the finding applies to.
	//   - PARTIAL - Macie analyzed only a subset of the data in the S3 object that
	//   the finding applies to. For example, the object is an archive file that contains
	//   files in an unsupported format.
	//   - SKIPPED - Macie wasn't able to analyze the S3 object that the finding
	//   applies to. For example, the object is a file that uses an unsupported format.
	Code *string

	// A brief description of the status of the finding. This value is null if the
	// status (code) of the finding is COMPLETE. Amazon Macie uses this value to notify
	// you of any errors, warnings, or considerations that might impact your analysis
	// of the finding and the affected S3 object. Possible values are:
	//   - ARCHIVE_CONTAINS_UNPROCESSED_FILES - The object is an archive file and
	//   Macie extracted and analyzed only some or none of the files in the archive. To
	//   determine which files Macie analyzed, if any, refer to the corresponding
	//   sensitive data discovery result for the finding
	//   (classificationDetails.detailedResultsLocation).
	//   - ARCHIVE_EXCEEDS_SIZE_LIMIT - The object is an archive file whose total
	//   storage size exceeds the size quota for this type of archive.
	//   - ARCHIVE_NESTING_LEVEL_OVER_LIMIT - The object is an archive file whose
	//   nested depth exceeds the quota for the maximum number of nested levels that
	//   Macie analyzes for this type of archive.
	//   - ARCHIVE_TOTAL_BYTES_EXTRACTED_OVER_LIMIT - The object is an archive file
	//   that exceeds the quota for the maximum amount of data that Macie extracts and
	//   analyzes for this type of archive.
	//   - ARCHIVE_TOTAL_DOCUMENTS_PROCESSED_OVER_LIMIT - The object is an archive
	//   file that contains more than the maximum number of files that Macie extracts and
	//   analyzes for this type of archive.
	//   - FILE_EXCEEDS_SIZE_LIMIT - The storage size of the object exceeds the size
	//   quota for this type of file.
	//   - INVALID_ENCRYPTION - The object is encrypted using server-side encryption
	//   but Macie isn't allowed to use the key. Macie can't decrypt and analyze the
	//   object.
	//   - INVALID_KMS_KEY - The object is encrypted with an KMS key that was disabled
	//   or is being deleted. Macie can't decrypt and analyze the object.
	//   - INVALID_OBJECT_STATE - The object doesn't use a supported Amazon S3 storage
	//   class.
	//   - JSON_NESTING_LEVEL_OVER_LIMIT - The object contains JSON data and the
	//   nested depth of the data exceeds the quota for the number of nested levels that
	//   Macie analyzes for this type of file.
	//   - MALFORMED_FILE - The object is a malformed or corrupted file. An error
	//   occurred when Macie attempted to detect the file's type or extract data from the
	//   file.
	//   - MALFORMED_OR_FILE_SIZE_EXCEEDS_LIMIT - The object is a Microsoft Office
	//   file that is malformed or exceeds the size quota for this type of file. If the
	//   file is malformed, an error occurred when Macie attempted to extract data from
	//   the file.
	//   - NO_SUCH_BUCKET_AVAILABLE - The object was in a bucket that was deleted
	//   shortly before or when Macie attempted to analyze the object.
	//   - OBJECT_VERSION_MISMATCH - The object was changed while Macie was analyzing
	//   it.
	//   - OOXML_UNCOMPRESSED_RATIO_EXCEEDS_LIMIT - The object is an Office Open XML
	//   file whose compression ratio exceeds the compression quota for this type of
	//   file.
	//   - OOXML_UNCOMPRESSED_SIZE_EXCEEDS_LIMIT - The object is an Office Open XML
	//   file that exceeds the size quota for this type of file.
	//   - PERMISSION_DENIED - Macie isn't allowed to access the object. The object's
	//   permissions settings prevent Macie from analyzing the object.
	//   - SOURCE_OBJECT_NO_LONGER_AVAILABLE - The object was deleted shortly before
	//   or when Macie attempted to analyze it.
	//   - TIME_CUT_OFF_REACHED - Macie started analyzing the object but additional
	//   analysis would exceed the time quota for analyzing an object.
	//   - UNABLE_TO_PARSE_FILE - The object is a file that contains structured data
	//   and an error occurred when Macie attempted to parse the data.
	//   - UNSUPPORTED_FILE_TYPE_EXCEPTION - The object is a file that uses an
	//   unsupported file or storage format.
	// For information about quotas, supported storage classes, and supported file and
	// storage formats, see Quotas (https://docs.aws.amazon.com/macie/latest/user/macie-quotas.html)
	// and Supported storage classes and formats (https://docs.aws.amazon.com/macie/latest/user/discovery-supported-storage.html)
	// in the Amazon Macie User Guide.
	Reason *string

	noSmithyDocumentSerde
}

// Provides information about the classification scope for an Amazon Macie
// account. Macie uses the scope's settings when it performs automated sensitive
// data discovery for the account.
type ClassificationScopeSummary struct {

	// The unique identifier for the classification scope.
	Id *string

	// The name of the classification scope: automated-sensitive-data-discovery.
	Name *string

	noSmithyDocumentSerde
}

// Specifies one or more property- and tag-based conditions that define criteria
// for including or excluding S3 buckets from a classification job.
type CriteriaBlockForJob struct {

	// An array of conditions, one for each condition that determines which buckets to
	// include or exclude from the job. If you specify more than one condition, Amazon
	// Macie uses AND logic to join the conditions.
	And []CriteriaForJob

	noSmithyDocumentSerde
}

// Specifies a property- or tag-based condition that defines criteria for
// including or excluding S3 buckets from a classification job.
type CriteriaForJob struct {

	// A property-based condition that defines a property, operator, and one or more
	// values for including or excluding buckets from the job.
	SimpleCriterion *SimpleCriterionForJob

	// A tag-based condition that defines an operator and tag keys, tag values, or tag
	// key and value pairs for including or excluding buckets from the job.
	TagCriterion *TagCriterionForJob

	noSmithyDocumentSerde
}

// Specifies the operator to use in a property-based condition that filters the
// results of a query for findings. For detailed information and examples of each
// operator, see Fundamentals of filtering findings (https://docs.aws.amazon.com/macie/latest/user/findings-filter-basics.html)
// in the Amazon Macie User Guide.
type CriterionAdditionalProperties struct {

	// The value for the property matches (equals) the specified value. If you specify
	// multiple values, Macie uses OR logic to join the values.
	Eq []string

	// The value for the property exclusively matches (equals an exact match for) all
	// the specified values. If you specify multiple values, Amazon Macie uses AND
	// logic to join the values. You can use this operator with the following
	// properties: customDataIdentifiers.detections.arn,
	// customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key,
	// resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key,
	// resourcesAffected.s3Object.tags.value, sensitiveData.category, and
	// sensitiveData.detections.type.
	EqExactMatch []string

	// The value for the property is greater than the specified value.
	Gt *int64

	// The value for the property is greater than or equal to the specified value.
	Gte *int64

	// The value for the property is less than the specified value.
	Lt *int64

	// The value for the property is less than or equal to the specified value.
	Lte *int64

	// The value for the property doesn't match (doesn't equal) the specified value.
	// If you specify multiple values, Macie uses OR logic to join the values.
	Neq []string

	noSmithyDocumentSerde
}

// Provides information about custom data identifiers that produced a sensitive
// data finding, and the number of occurrences of the data that they detected for
// the finding.
type CustomDataIdentifiers struct {

	// The custom data identifiers that detected the data, and the number of
	// occurrences of the data that each identifier detected.
	Detections []CustomDetection

	// The total number of occurrences of the data that was detected by the custom
	// data identifiers and produced the finding.
	TotalCount *int64

	noSmithyDocumentSerde
}

// Provides information about a custom data identifier.
type CustomDataIdentifierSummary struct {

	// The Amazon Resource Name (ARN) of the custom data identifier.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the custom data
	// identifier was created.
	CreatedAt *time.Time

	// The custom description of the custom data identifier.
	Description *string

	// The unique identifier for the custom data identifier.
	Id *string

	// The custom name of the custom data identifier.
	Name *string

	noSmithyDocumentSerde
}

// Provides information about a custom data identifier that produced a sensitive
// data finding, and the sensitive data that it detected for the finding.
type CustomDetection struct {

	// The unique identifier for the custom data identifier.
	Arn *string

	// The total number of occurrences of the sensitive data that the custom data
	// identifier detected.
	Count *int64

	// The name of the custom data identifier.
	Name *string

	// The location of 1-15 occurrences of the sensitive data that the custom data
	// identifier detected. A finding includes location data for a maximum of 15
	// occurrences of sensitive data.
	Occurrences *Occurrences

	noSmithyDocumentSerde
}

// Specifies that a classification job runs once a day, every day. This is an
// empty object.
type DailySchedule struct {
	noSmithyDocumentSerde
}

// Provides information about a type of sensitive data that was detected by a
// managed data identifier and produced a sensitive data finding.
type DefaultDetection struct {

	// The total number of occurrences of the type of sensitive data that was detected.
	Count *int64

	// The location of 1-15 occurrences of the sensitive data that was detected. A
	// finding includes location data for a maximum of 15 occurrences of sensitive
	// data.
	Occurrences *Occurrences

	// The type of sensitive data that was detected. For example, AWS_CREDENTIALS,
	// PHONE_NUMBER, or ADDRESS.
	Type *string

	noSmithyDocumentSerde
}

// Specifies 1-10 occurrences of a specific type of sensitive data reported by a
// finding.
type DetectedDataDetails struct {

	// An occurrence of the specified type of sensitive data. Each occurrence contains
	// 1-128 characters.
	//
	// This member is required.
	Value *string

	noSmithyDocumentSerde
}

// Provides information about a type of sensitive data that Amazon Macie found in
// an S3 bucket while performing automated sensitive data discovery for the bucket.
// The information also specifies the custom data identifier or managed data
// identifier that detected the data. This information is available only if
// automated sensitive data discovery is currently enabled for your account.
type Detection struct {

	// If the sensitive data was detected by a custom data identifier, the Amazon
	// Resource Name (ARN) of the custom data identifier that detected the data.
	// Otherwise, this value is null.
	Arn *string

	// The total number of occurrences of the sensitive data.
	Count *int64

	// The unique identifier for the custom data identifier or managed data identifier
	// that detected the sensitive data. For additional details about a specified
	// managed data identifier, see Using managed data identifiers (https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html)
	// in the Amazon Macie User Guide.
	Id *string

	// The name of the custom data identifier or managed data identifier that detected
	// the sensitive data. For a managed data identifier, this value is the same as the
	// unique identifier (id).
	Name *string

	// Specifies whether occurrences of this type of sensitive data are excluded
	// (true) or included (false) in the bucket's sensitivity score.
	Suppressed *bool

	// The type of data identifier that detected the sensitive data. Possible values
	// are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data
	// identifier.
	Type DataIdentifierType

	noSmithyDocumentSerde
}

// Provides information about the domain name of the device that an entity used to
// perform an action on an affected resource.
type DomainDetails struct {

	// The name of the domain.
	DomainName *string

	noSmithyDocumentSerde
}

// Provides information about an identity that performed an action on an affected
// resource by using temporary security credentials. The credentials were obtained
// using the GetFederationToken operation of the Security Token Service (STS) API.
type FederatedUser struct {

	// The Amazon Web Services access key ID that identifies the credentials.
	AccessKeyId *string

	// The unique identifier for the Amazon Web Services account that owns the entity
	// that was used to get the credentials.
	AccountId *string

	// The Amazon Resource Name (ARN) of the entity that was used to get the
	// credentials.
	Arn *string

	// The unique identifier for the entity that was used to get the credentials.
	PrincipalId *string

	// The details of the session that was created for the credentials, including the
	// entity that issued the session.
	SessionContext *SessionContext

	noSmithyDocumentSerde
}

// Provides the details of a finding.
type Finding struct {

	// The unique identifier for the Amazon Web Services account that the finding
	// applies to. This is typically the account that owns the affected resource.
	AccountId *string

	// Specifies whether the finding is archived (suppressed).
	Archived *bool

	// The category of the finding. Possible values are: CLASSIFICATION, for a
	// sensitive data finding; and, POLICY, for a policy finding.
	Category FindingCategory

	// The details of a sensitive data finding. This value is null for a policy
	// finding.
	ClassificationDetails *ClassificationDetails

	// The total number of occurrences of the finding. For sensitive data findings,
	// this value is always 1. All sensitive data findings are considered unique.
	Count *int64

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie
	// created the finding.
	CreatedAt *time.Time

	// The description of the finding.
	Description *string

	// The unique identifier for the finding. This is a random string that Amazon
	// Macie generates and assigns to a finding when it creates the finding.
	Id *string

	// The Amazon Web Services partition that Amazon Macie created the finding in.
	Partition *string

	// The details of a policy finding. This value is null for a sensitive data
	// finding.
	PolicyDetails *PolicyDetails

	// The Amazon Web Services Region that Amazon Macie created the finding in.
	Region *string

	// The resources that the finding applies to.
	ResourcesAffected *ResourcesAffected

	// Specifies whether the finding is a sample finding. A sample finding is a
	// finding that uses example data to demonstrate what a finding might contain.
	Sample *bool

	// The version of the schema that was used to define the data structures in the
	// finding.
	SchemaVersion *string

	// The severity level and score for the finding.
	Severity *Severity

	// The brief description of the finding.
	Title *string

	// The type of the finding.
	Type FindingType

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last
	// updated the finding. For sensitive data findings, this value is the same as the
	// value for the createdAt property. All sensitive data findings are considered
	// new.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Provides information about an action that occurred for a resource and produced
// a policy finding.
type FindingAction struct {

	// The type of action that occurred for the affected resource. This value is
	// typically AWS_API_CALL, which indicates that an entity invoked an API operation
	// for the resource.
	ActionType FindingActionType

	// The invocation details of the API operation that an entity invoked for the
	// affected resource, if the value for the actionType property is AWS_API_CALL.
	ApiCallDetails *ApiCallDetails

	noSmithyDocumentSerde
}

// Provides information about an entity that performed an action that produced a
// policy finding for a resource.
type FindingActor struct {

	// The domain name of the device that the entity used to perform the action on the
	// affected resource.
	DomainDetails *DomainDetails

	// The IP address of the device that the entity used to perform the action on the
	// affected resource. This object also provides information such as the owner and
	// geographic location for the IP address.
	IpAddressDetails *IpAddressDetails

	// The type and other characteristics of the entity that performed the action on
	// the affected resource.
	UserIdentity *UserIdentity

	noSmithyDocumentSerde
}

// Specifies, as a map, one or more property-based conditions that filter the
// results of a query for findings.
type FindingCriteria struct {

	// A condition that specifies the property, operator, and one or more values to
	// use to filter the results.
	Criterion map[string]CriterionAdditionalProperties

	noSmithyDocumentSerde
}

// Provides information about a findings filter.
type FindingsFilterListItem struct {

	// The action that's performed on findings that match the filter criteria.
	// Possible values are: ARCHIVE, suppress (automatically archive) the findings;
	// and, NOOP, don't perform any action on the findings.
	Action FindingsFilterAction

	// The Amazon Resource Name (ARN) of the filter.
	Arn *string

	// The unique identifier for the filter.
	Id *string

	// The custom name of the filter.
	Name *string

	// A map of key-value pairs that specifies which tags (keys and values) are
	// associated with the filter.
	Tags map[string]string

	noSmithyDocumentSerde
}

// Specifies criteria for sorting the results of a query that retrieves aggregated
// statistical data about findings.
type FindingStatisticsSortCriteria struct {

	// The grouping to sort the results by. Valid values are: count, sort the results
	// by the number of findings in each group of results; and, groupKey, sort the
	// results by the name of each group of results.
	AttributeName FindingStatisticsSortAttributeName

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Provides a group of results for a query that retrieved aggregated statistical
// data about findings.
type GroupCount struct {

	// The total number of findings in the group of query results.
	Count *int64

	// The name of the property that defines the group in the query results, as
	// specified by the groupBy property in the query request.
	GroupKey *string

	noSmithyDocumentSerde
}

// Provides information about an Identity and Access Management (IAM) user who
// performed an action on an affected resource.
type IamUser struct {

	// The unique identifier for the Amazon Web Services account that's associated
	// with the IAM user who performed the action.
	AccountId *string

	// The Amazon Resource Name (ARN) of the principal that performed the action. The
	// last section of the ARN contains the name of the user who performed the action.
	Arn *string

	// The unique identifier for the IAM user who performed the action.
	PrincipalId *string

	// The username of the IAM user who performed the action.
	UserName *string

	noSmithyDocumentSerde
}

// Provides information about an Amazon Macie membership invitation.
type Invitation struct {

	// The Amazon Web Services account ID for the account that sent the invitation.
	AccountId *string

	// The unique identifier for the invitation.
	InvitationId *string

	// The date and time, in UTC and extended ISO 8601 format, when the invitation was
	// sent.
	InvitedAt *time.Time

	// The status of the relationship between the account that sent the invitation and
	// the account that received the invitation.
	RelationshipStatus RelationshipStatus

	noSmithyDocumentSerde
}

// Provides information about the IP address of the device that an entity used to
// perform an action on an affected resource.
type IpAddressDetails struct {

	// The Internet Protocol version 4 (IPv4) address of the device.
	IpAddressV4 *string

	// The city that the IP address originated from.
	IpCity *IpCity

	// The country that the IP address originated from.
	IpCountry *IpCountry

	// The geographic coordinates of the location that the IP address originated from.
	IpGeoLocation *IpGeoLocation

	// The registered owner of the IP address.
	IpOwner *IpOwner

	noSmithyDocumentSerde
}

// Provides information about the city that an IP address originated from.
type IpCity struct {

	// The name of the city.
	Name *string

	noSmithyDocumentSerde
}

// Provides information about the country that an IP address originated from.
type IpCountry struct {

	// The two-character code, in ISO 3166-1 alpha-2 format, for the country that the
	// IP address originated from. For example, US for the United States.
	Code *string

	// The name of the country that the IP address originated from.
	Name *string

	noSmithyDocumentSerde
}

// Provides geographic coordinates that indicate where a specified IP address
// originated from.
type IpGeoLocation struct {

	// The latitude coordinate of the location, rounded to four decimal places.
	Lat *float64

	// The longitude coordinate of the location, rounded to four decimal places.
	Lon *float64

	noSmithyDocumentSerde
}

// Provides information about the registered owner of an IP address.
type IpOwner struct {

	// The autonomous system number (ASN) for the autonomous system that included the
	// IP address.
	Asn *string

	// The organization identifier that's associated with the autonomous system number
	// (ASN) for the autonomous system that included the IP address.
	AsnOrg *string

	// The name of the internet service provider (ISP) that owned the IP address.
	Isp *string

	// The name of the organization that owned the IP address.
	Org *string

	noSmithyDocumentSerde
}

// Specifies whether any one-time or recurring classification jobs are configured
// to analyze data in an S3 bucket, and, if so, the details of the job that ran
// most recently.
type JobDetails struct {

	// Specifies whether any one-time or recurring jobs are configured to analyze data
	// in the bucket. Possible values are:
	//   - TRUE - The bucket is explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs
	//   has a status other than CANCELLED. Or the bucket matched the bucket criteria
	//   (S3BucketCriteriaForJob) for at least one job that previously ran.
	//   - FALSE - The bucket isn't explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include
	//   the bucket in their bucket definitions have a status of CANCELLED, or the bucket
	//   didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that
	//   previously ran.
	//   - UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job
	//   data for the bucket.
	IsDefinedInJob IsDefinedInJob

	// Specifies whether any recurring jobs are configured to analyze data in the
	// bucket. Possible values are:
	//   - TRUE - The bucket is explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches
	//   the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At
	//   least one of those jobs has a status other than CANCELLED.
	//   - FALSE - The bucket isn't explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the
	//   bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the
	//   recurring jobs that are configured to analyze data in the bucket have a status
	//   of CANCELLED.
	//   - UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job
	//   data for the bucket.
	IsMonitoredByJob IsMonitoredByJob

	// The unique identifier for the job that ran most recently and is configured to
	// analyze data in the bucket, either the latest run of a recurring job or the only
	// run of a one-time job. This value is typically null if the value for the
	// isDefinedInJob property is FALSE or UNKNOWN.
	LastJobId *string

	// The date and time, in UTC and extended ISO 8601 format, when the job
	// (lastJobId) started. If the job is a recurring job, this value indicates when
	// the most recent run started. This value is typically null if the value for the
	// isDefinedInJob property is FALSE or UNKNOWN.
	LastJobRunTime *time.Time

	noSmithyDocumentSerde
}

// Specifies the recurrence pattern for running a classification job.
type JobScheduleFrequency struct {

	// Specifies a daily recurrence pattern for running the job.
	DailySchedule *DailySchedule

	// Specifies a monthly recurrence pattern for running the job.
	MonthlySchedule *MonthlySchedule

	// Specifies a weekly recurrence pattern for running the job.
	WeeklySchedule *WeeklySchedule

	noSmithyDocumentSerde
}

// Specifies a property- or tag-based condition that defines criteria for
// including or excluding S3 objects from a classification job. A JobScopeTerm
// object can contain only one simpleScopeTerm object or one tagScopeTerm object.
type JobScopeTerm struct {

	// A property-based condition that defines a property, operator, and one or more
	// values for including or excluding objects from the job.
	SimpleScopeTerm *SimpleScopeTerm

	// A tag-based condition that defines the operator and tag keys or tag key and
	// value pairs for including or excluding objects from the job.
	TagScopeTerm *TagScopeTerm

	noSmithyDocumentSerde
}

// Specifies one or more property- and tag-based conditions that define criteria
// for including or excluding S3 objects from a classification job.
type JobScopingBlock struct {

	// An array of conditions, one for each property- or tag-based condition that
	// determines which objects to include or exclude from the job. If you specify more
	// than one condition, Amazon Macie uses AND logic to join the conditions.
	And []JobScopeTerm

	noSmithyDocumentSerde
}

// Provides information about a classification job, including the current status
// of the job.
type JobSummary struct {

	// The property- and tag-based conditions that determine which S3 buckets are
	// included or excluded from the job's analysis. Each time the job runs, the job
	// uses these criteria to determine which buckets to analyze. A job's definition
	// can contain a bucketCriteria object or a bucketDefinitions array, not both.
	BucketCriteria *S3BucketCriteriaForJob

	// An array of objects, one for each Amazon Web Services account that owns
	// specific S3 buckets for the job to analyze. Each object specifies the account ID
	// for an account and one or more buckets to analyze for that account. A job's
	// definition can contain a bucketDefinitions array or a bucketCriteria object, not
	// both.
	BucketDefinitions []S3BucketDefinitionForJob

	// The date and time, in UTC and extended ISO 8601 format, when the job was
	// created.
	CreatedAt *time.Time

	// The unique identifier for the job.
	JobId *string

	// The current status of the job. Possible values are:
	//   - CANCELLED - You cancelled the job or, if it's a one-time job, you paused
	//   the job and didn't resume it within 30 days.
	//   - COMPLETE - For a one-time job, Amazon Macie finished processing the data
	//   specified for the job. This value doesn't apply to recurring jobs.
	//   - IDLE - For a recurring job, the previous scheduled run is complete and the
	//   next scheduled run is pending. This value doesn't apply to one-time jobs.
	//   - PAUSED - Macie started running the job but additional processing would
	//   exceed the monthly sensitive data discovery quota for your account or one or
	//   more member accounts that the job analyzes data for.
	//   - RUNNING - For a one-time job, the job is in progress. For a recurring job,
	//   a scheduled run is in progress.
	//   - USER_PAUSED - You paused the job. If you paused the job while it had a
	//   status of RUNNING and you don't resume it within 30 days of pausing it, the job
	//   or job run will expire and be cancelled, depending on the job's type. To check
	//   the expiration date, refer to the UserPausedDetails.jobExpiresAt property.
	JobStatus JobStatus

	// The schedule for running the job. Possible values are:
	//   - ONE_TIME - The job runs only once.
	//   - SCHEDULED - The job runs on a daily, weekly, or monthly basis.
	JobType JobType

	// Specifies whether any account- or bucket-level access errors occurred when the
	// job ran. For a recurring job, this value indicates the error status of the job's
	// most recent run.
	LastRunErrorStatus *LastRunErrorStatus

	// The custom name of the job.
	Name *string

	// If the current status of the job is USER_PAUSED, specifies when the job was
	// paused and when the job or job run will expire and be cancelled if it isn't
	// resumed. This value is present only if the value for jobStatus is USER_PAUSED.
	UserPausedDetails *UserPausedDetails

	noSmithyDocumentSerde
}

// Provides information about the tags that are associated with an S3 bucket or
// object. Each tag consists of a required tag key and an associated tag value.
type KeyValuePair struct {

	// One part of a key-value pair that comprises a tag. A tag key is a general label
	// that acts as a category for more specific tag values.
	Key *string

	// One part of a key-value pair that comprises a tag. A tag value acts as a
	// descriptor for a tag key. A tag value can be an empty string.
	Value *string

	noSmithyDocumentSerde
}

// Specifies whether any account- or bucket-level access errors occurred when a
// classification job ran. For information about using logging data to investigate
// these errors, see Monitoring sensitive data discovery jobs (https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-monitor-cw-logs.html)
// in the Amazon Macie User Guide.
type LastRunErrorStatus struct {

	// Specifies whether any account- or bucket-level access errors occurred when the
	// job ran. For a recurring job, this value indicates the error status of the job's
	// most recent run. Possible values are:
	//   - ERROR - One or more errors occurred. Amazon Macie didn't process all the
	//   data specified for the job.
	//   - NONE - No errors occurred. Macie processed all the data specified for the
	//   job.
	Code LastRunErrorStatusCode

	noSmithyDocumentSerde
}

// Specifies criteria for filtering the results of a request for information about
// classification jobs.
type ListJobsFilterCriteria struct {

	// An array of objects, one for each condition that determines which jobs to
	// exclude from the results.
	Excludes []ListJobsFilterTerm

	// An array of objects, one for each condition that determines which jobs to
	// include in the results.
	Includes []ListJobsFilterTerm

	noSmithyDocumentSerde
}

// Specifies a condition that filters the results of a request for information
// about classification jobs. Each condition consists of a property, an operator,
// and one or more values.
type ListJobsFilterTerm struct {

	// The operator to use to filter the results.
	Comparator JobComparator

	// The property to use to filter the results.
	Key ListJobsFilterKey

	// An array that lists one or more values to use to filter the results.
	Values []string

	noSmithyDocumentSerde
}

// Specifies criteria for sorting the results of a request for information about
// classification jobs.
type ListJobsSortCriteria struct {

	// The property to sort the results by.
	AttributeName ListJobsSortAttributeName

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Provides information about a managed data identifier. For additional
// information, see Using managed data identifiers (https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html)
// in the Amazon Macie User Guide.
type ManagedDataIdentifierSummary struct {

	// The category of sensitive data that the managed data identifier detects:
	// CREDENTIALS, for credentials data such as private keys or Amazon Web Services
	// secret access keys; FINANCIAL_INFORMATION, for financial data such as credit
	// card numbers; or, PERSONAL_INFORMATION, for personal health information, such as
	// health insurance identification numbers, or personally identifiable information,
	// such as passport numbers.
	Category SensitiveDataItemCategory

	// The unique identifier for the managed data identifier. This is a string that
	// describes the type of sensitive data that the managed data identifier detects.
	// For example: OPENSSH_PRIVATE_KEY for OpenSSH private keys, CREDIT_CARD_NUMBER
	// for credit card numbers, or USA_PASSPORT_NUMBER for US passport numbers.
	Id *string

	noSmithyDocumentSerde
}

// Provides statistical data and other information about an S3 bucket that Amazon
// Macie monitors and analyzes for your account. By default, object count and
// storage size values include data for object parts that are the result of
// incomplete multipart uploads. For more information, see How Macie monitors
// Amazon S3 data security (https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html)
// in the Amazon Macie User Guide. If an error occurs when Macie attempts to
// retrieve and process information about the bucket or the bucket's objects, the
// value for most of these properties is null. Key exceptions are accountId and
// bucketName. To identify the cause of the error, refer to the errorCode and
// errorMessage values.
type MatchingBucket struct {

	// The unique identifier for the Amazon Web Services account that owns the bucket.
	AccountId *string

	// The name of the bucket.
	BucketName *string

	// The total number of objects that Amazon Macie can analyze in the bucket. These
	// objects use a supported storage class and have a file name extension for a
	// supported file or storage format.
	ClassifiableObjectCount *int64

	// The total storage size, in bytes, of the objects that Amazon Macie can analyze
	// in the bucket. These objects use a supported storage class and have a file name
	// extension for a supported file or storage format. If versioning is enabled for
	// the bucket, Macie calculates this value based on the size of the latest version
	// of each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	ClassifiableSizeInBytes *int64

	// The error code for an error that prevented Amazon Macie from retrieving and
	// processing information about the bucket and the bucket's objects. If this value
	// is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For
	// example, the bucket has a restrictive bucket policy and Amazon S3 denied the
	// request. If this value is null, Macie was able to retrieve and process the
	// information.
	ErrorCode BucketMetadataErrorCode

	// A brief description of the error (errorCode) that prevented Amazon Macie from
	// retrieving and processing information about the bucket and the bucket's objects.
	// This value is null if Macie was able to retrieve and process the information.
	ErrorMessage *string

	// Specifies whether any one-time or recurring classification jobs are configured
	// to analyze objects in the bucket, and, if so, the details of the job that ran
	// most recently.
	JobDetails *JobDetails

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most
	// recently analyzed data in the bucket while performing automated sensitive data
	// discovery for your account. This value is null if automated sensitive data
	// discovery is currently disabled for your account.
	LastAutomatedDiscoveryTime *time.Time

	// The total number of objects in the bucket.
	ObjectCount *int64

	// The total number of objects in the bucket, grouped by server-side encryption
	// type. This includes a grouping that reports the total number of objects that
	// aren't encrypted or use client-side encryption.
	ObjectCountByEncryptionType *ObjectCountByEncryptionType

	// The current sensitivity score for the bucket, ranging from -1 (classification
	// error) to 100 (sensitive). This value is null if automated sensitive data
	// discovery is currently disabled for your account.
	SensitivityScore *int32

	// The total storage size, in bytes, of the bucket. If versioning is enabled for
	// the bucket, Amazon Macie calculates this value based on the size of the latest
	// version of each object in the bucket. This value doesn't reflect the storage
	// size of all versions of each object in the bucket.
	SizeInBytes *int64

	// The total storage size, in bytes, of the objects that are compressed (.gz,
	// .gzip, .zip) files in the bucket. If versioning is enabled for the bucket,
	// Amazon Macie calculates this value based on the size of the latest version of
	// each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	SizeInBytesCompressed *int64

	// The total number of objects that Amazon Macie can't analyze in the bucket.
	// These objects don't use a supported storage class or don't have a file name
	// extension for a supported file or storage format.
	UnclassifiableObjectCount *ObjectLevelStatistics

	// The total storage size, in bytes, of the objects that Amazon Macie can't
	// analyze in the bucket. These objects don't use a supported storage class or
	// don't have a file name extension for a supported file or storage format.
	UnclassifiableObjectSizeInBytes *ObjectLevelStatistics

	noSmithyDocumentSerde
}

// Provides statistical data and other information about an Amazon Web Services
// resource that Amazon Macie monitors and analyzes for your account.
type MatchingResource struct {

	// The details of an S3 bucket that Amazon Macie monitors and analyzes.
	MatchingBucket *MatchingBucket

	noSmithyDocumentSerde
}

// Provides information about an account that's associated with an Amazon Macie
// administrator account.
type Member struct {

	// The Amazon Web Services account ID for the account.
	AccountId *string

	// The Amazon Web Services account ID for the administrator account.
	AdministratorAccountId *string

	// The Amazon Resource Name (ARN) of the account.
	Arn *string

	// The email address for the account. This value is null if the account is
	// associated with the administrator account through Organizations.
	Email *string

	// The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie
	// membership invitation was last sent to the account. This value is null if a
	// Macie membership invitation hasn't been sent to the account.
	InvitedAt *time.Time

	// (Deprecated) The Amazon Web Services account ID for the administrator account.
	// This property has been replaced by the administratorAccountId property and is
	// retained only for backward compatibility.
	MasterAccountId *string

	// The current status of the relationship between the account and the
	// administrator account.
	RelationshipStatus RelationshipStatus

	// A map of key-value pairs that specifies which tags (keys and values) are
	// associated with the account in Amazon Macie.
	Tags map[string]string

	// The date and time, in UTC and extended ISO 8601 format, of the most recent
	// change to the status of the relationship between the account and the
	// administrator account.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Specifies a monthly recurrence pattern for running a classification job.
type MonthlySchedule struct {

	// The numeric day of the month when Amazon Macie runs the job. This value can be
	// an integer from 1 through 31. If this value exceeds the number of days in a
	// certain month, Macie doesn't run the job that month. Macie runs the job only
	// during months that have the specified day. For example, if this value is 31 and
	// a month has only 30 days, Macie doesn't run the job that month. To run the job
	// every month, specify a value that's less than 29.
	DayOfMonth *int32

	noSmithyDocumentSerde
}

// Provides information about the number of objects that are in an S3 bucket and
// use certain types of server-side encryption, use client-side encryption, or
// aren't encrypted.
type ObjectCountByEncryptionType struct {

	// The total number of objects that are encrypted with a customer-provided key.
	// The objects use customer-provided server-side encryption (SSE-C).
	CustomerManaged *int64

	// The total number of objects that are encrypted with an KMS key, either an
	// Amazon Web Services managed key or a customer managed key. The objects use KMS
	// encryption (SSE-KMS).
	KmsManaged *int64

	// The total number of objects that are encrypted with an Amazon S3 managed key.
	// The objects use Amazon S3 managed encryption (SSE-S3).
	S3Managed *int64

	// The total number of objects that use client-side encryption or aren't encrypted.
	Unencrypted *int64

	// The total number of objects that Amazon Macie doesn't have current encryption
	// metadata for. Macie can't provide current data about the encryption settings for
	// these objects.
	Unknown *int64

	noSmithyDocumentSerde
}

// Provides information about the total storage size (in bytes) or number of
// objects that Amazon Macie can't analyze in one or more S3 buckets. In a
// BucketMetadata or MatchingBucket object, this data is for a specific bucket. In
// a GetBucketStatisticsResponse object, this data is aggregated for all the
// buckets in the query results. If versioning is enabled for a bucket, storage
// size values are based on the size of the latest version of each applicable
// object in the bucket.
type ObjectLevelStatistics struct {

	// The total storage size (in bytes) or number of objects that Amazon Macie can't
	// analyze because the objects don't have a file name extension for a supported
	// file or storage format.
	FileType *int64

	// The total storage size (in bytes) or number of objects that Amazon Macie can't
	// analyze because the objects use an unsupported storage class.
	StorageClass *int64

	// The total storage size (in bytes) or number of objects that Amazon Macie can't
	// analyze because the objects use an unsupported storage class or don't have a
	// file name extension for a supported file or storage format.
	Total *int64

	noSmithyDocumentSerde
}

// Specifies the location of 1-15 occurrences of sensitive data that was detected
// by a managed data identifier or a custom data identifier and produced a
// sensitive data finding.
type Occurrences struct {

	// An array of objects, one for each occurrence of sensitive data in a Microsoft
	// Excel workbook, CSV file, or TSV file. This value is null for all other types of
	// files. Each Cell object specifies a cell or field that contains the sensitive
	// data.
	Cells []Cell

	// An array of objects, one for each occurrence of sensitive data in an email
	// message or a non-binary text file such as an HTML, TXT, or XML file. Each Range
	// object specifies a line or inclusive range of lines that contains the sensitive
	// data, and the position of the data on the specified line or lines. This value is
	// often null for file types that are supported by Cell, Page, or Record objects.
	// Exceptions are the location of sensitive data in: unstructured sections of an
	// otherwise structured file, such as a comment in a file; a malformed file that
	// Amazon Macie analyzes as plain text; and, a CSV or TSV file that has any column
	// names that contain sensitive data.
	LineRanges []Range

	// Reserved for future use.
	OffsetRanges []Range

	// An array of objects, one for each occurrence of sensitive data in an Adobe
	// Portable Document Format file. This value is null for all other types of files.
	// Each Page object specifies a page that contains the sensitive data.
	Pages []Page

	// An array of objects, one for each occurrence of sensitive data in an Apache
	// Avro object container, Apache Parquet file, JSON file, or JSON Lines file. This
	// value is null for all other types of files. For an Avro object container or
	// Parquet file, each Record object specifies a record index and the path to a
	// field in a record that contains the sensitive data. For a JSON or JSON Lines
	// file, each Record object specifies the path to a field or array that contains
	// the sensitive data. For a JSON Lines file, it also specifies the index of the
	// line that contains the data.
	Records []Record

	noSmithyDocumentSerde
}

// Specifies the location of an occurrence of sensitive data in an Adobe Portable
// Document Format file.
type Page struct {

	// Reserved for future use.
	LineRange *Range

	// Reserved for future use.
	OffsetRange *Range

	// The page number of the page that contains the sensitive data.
	PageNumber *int64

	noSmithyDocumentSerde
}

// Provides the details of a policy finding.
type PolicyDetails struct {

	// The action that produced the finding.
	Action *FindingAction

	// The entity that performed the action that produced the finding.
	Actor *FindingActor

	noSmithyDocumentSerde
}

// Specifies the location of an occurrence of sensitive data in an email message
// or a non-binary text file such as an HTML, TXT, or XML file.
type Range struct {

	// The number of lines from the beginning of the file to the end of the sensitive
	// data.
	End *int64

	// The number of lines from the beginning of the file to the beginning of the
	// sensitive data.
	Start *int64

	// The number of characters, with spaces and starting from 1, from the beginning
	// of the first line that contains the sensitive data (start) to the beginning of
	// the sensitive data.
	StartColumn *int64

	noSmithyDocumentSerde
}

// Specifies the location of an occurrence of sensitive data in an Apache Avro
// object container, Apache Parquet file, JSON file, or JSON Lines file.
type Record struct {

	// The path, as a JSONPath expression, to the sensitive data. For an Avro object
	// container or Parquet file, this is the path to the field in the record
	// (recordIndex) that contains the data. For a JSON or JSON Lines file, this is the
	// path to the field or array that contains the data. If the data is a value in an
	// array, the path also indicates which value contains the data. If Amazon Macie
	// detects sensitive data in the name of any element in the path, Macie omits this
	// field. If the name of an element exceeds 240 characters, Macie truncates the
	// name by removing characters from the beginning of the name. If the resulting
	// full path exceeds 250 characters, Macie also truncates the path, starting with
	// the first element in the path, until the path contains 250 or fewer characters.
	JsonPath *string

	// For an Avro object container or Parquet file, the record index, starting from
	// 0, for the record that contains the sensitive data. For a JSON Lines file, the
	// line index, starting from 0, for the line that contains the sensitive data. This
	// value is always 0 for JSON files.
	RecordIndex *int64

	noSmithyDocumentSerde
}

// Provides information about settings that define whether one or more objects in
// an S3 bucket are replicated to S3 buckets for other Amazon Web Services accounts
// and, if so, which accounts.
type ReplicationDetails struct {

	// Specifies whether the bucket is configured to replicate one or more objects to
	// any destination.
	Replicated *bool

	// Specifies whether the bucket is configured to replicate one or more objects to
	// a bucket for an Amazon Web Services account that isn't part of your Amazon Macie
	// organization. An Amazon Macie organization is a set of Macie accounts that are
	// centrally managed as a group of related accounts through Organizations or by
	// Macie invitation.
	ReplicatedExternally *bool

	// An array of Amazon Web Services account IDs, one for each Amazon Web Services
	// account that owns a bucket that the bucket is configured to replicate one or
	// more objects to.
	ReplicationAccounts []string

	noSmithyDocumentSerde
}

// Provides information about an S3 object that Amazon Macie selected for analysis
// while performing automated sensitive data discovery for an S3 bucket, and the
// status and results of the analysis. This information is available only if
// automated sensitive data discovery is currently enabled for your account.
type ResourceProfileArtifact struct {

	// The Amazon Resource Name (ARN) of the object.
	//
	// This member is required.
	Arn *string

	// The status of the analysis. Possible values are:
	//   - COMPLETE - Amazon Macie successfully completed its analysis of the object.
	//   - PARTIAL - Macie analyzed only a subset of data in the object. For example,
	//   the object is an archive file that contains files in an unsupported format.
	//   - SKIPPED - Macie wasn't able to analyze the object. For example, the object
	//   is a malformed file.
	//
	// This member is required.
	ClassificationResultStatus *string

	// Specifies whether Amazon Macie found sensitive data in the object.
	Sensitive *bool

	noSmithyDocumentSerde
}

// Provides information about the resources that a finding applies to.
type ResourcesAffected struct {

	// The details of the S3 bucket that the finding applies to.
	S3Bucket *S3Bucket

	// The details of the S3 object that the finding applies to.
	S3Object *S3Object

	noSmithyDocumentSerde
}

// Provides statistical data for sensitive data discovery metrics that apply to an
// S3 bucket that Amazon Macie monitors and analyzes for your account. The
// statistics capture the results of automated sensitive data discovery activities
// that Macie has performed for the bucket. The data is available only if automated
// sensitive data discovery is currently enabled for your account.
type ResourceStatistics struct {

	// The total amount of data, in bytes, that Amazon Macie has analyzed in the
	// bucket.
	TotalBytesClassified *int64

	// The total number of occurrences of sensitive data that Amazon Macie has found
	// in the bucket's objects. This includes occurrences that are currently suppressed
	// by the sensitivity scoring settings for the bucket (totalDetectionsSuppressed).
	TotalDetections *int64

	// The total number of occurrences of sensitive data that are currently suppressed
	// by the sensitivity scoring settings for the bucket. These represent occurrences
	// of sensitive data that Amazon Macie found in the bucket's objects, but the
	// occurrences were manually suppressed. By default, suppressed occurrences are
	// excluded from the bucket's sensitivity score.
	TotalDetectionsSuppressed *int64

	// The total number of objects that Amazon Macie has analyzed in the bucket.
	TotalItemsClassified *int64

	// The total number of the bucket's objects that Amazon Macie has found sensitive
	// data in.
	TotalItemsSensitive *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket due to an object-level issue or error. For example, an object is a
	// malformed file. This value includes objects that Macie wasn't able to analyze
	// for reasons reported by other statistics in the ResourceStatistics object.
	TotalItemsSkipped *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket because the objects are encrypted with a key that Macie can't access. The
	// objects use server-side encryption with customer-provided keys (SSE-C).
	TotalItemsSkippedInvalidEncryption *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket because the objects are encrypted with KMS keys that were disabled, are
	// scheduled for deletion, or were deleted.
	TotalItemsSkippedInvalidKms *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket due to the permissions settings for the objects or the permissions
	// settings for the keys that were used to encrypt the objects.
	TotalItemsSkippedPermissionDenied *int64

	noSmithyDocumentSerde
}

// Provides information about the access method and settings that are used to
// retrieve occurrences of sensitive data reported by findings.
type RetrievalConfiguration struct {

	// The access method that's used when retrieving sensitive data from affected S3
	// objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the
	// affected Amazon Web Services account and delegates access to Amazon Macie
	// (roleName); and, CALLER_CREDENTIALS, use the credentials of the IAM user who
	// requests the sensitive data.
	//
	// This member is required.
	RetrievalMode RetrievalMode

	// The external ID to specify in the trust policy for the IAM role to assume when
	// retrieving sensitive data from affected S3 objects (roleName). The trust policy
	// must include an sts:ExternalId condition that requires this ID. This ID is a
	// unique alphanumeric string that Amazon Macie generates automatically after you
	// configure it to assume a role. This value is null if the value for retrievalMode
	// is CALLER_CREDENTIALS.
	ExternalId *string

	// The name of the IAM role that is in the affected Amazon Web Services account
	// and Amazon Macie is allowed to assume when retrieving sensitive data from
	// affected S3 objects for the account. This value is null if the value for
	// retrievalMode is CALLER_CREDENTIALS.
	RoleName *string

	noSmithyDocumentSerde
}

// Specifies the status of the Amazon Macie configuration for retrieving
// occurrences of sensitive data reported by findings, and the Key Management
// Service (KMS) key to use to encrypt sensitive data that's retrieved. When you
// enable the configuration for the first time, your request must specify an KMS
// key. Otherwise, an error occurs.
type RevealConfiguration struct {

	// The status of the configuration for the Amazon Macie account. In a request,
	// valid values are: ENABLED, enable the configuration for the account; and,
	// DISABLED, disable the configuration for the account. In a response, possible
	// values are: ENABLED, the configuration is currently enabled for the account;
	// and, DISABLED, the configuration is currently disabled for the account.
	//
	// This member is required.
	Status RevealStatus

	// The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt
	// sensitive data that's retrieved. The key must be an existing, customer managed,
	// symmetric encryption key that's enabled in the same Amazon Web Services Region
	// as the Amazon Macie account. If this value specifies an alias, it must include
	// the following prefix: alias/. If this value specifies a key that's owned by
	// another Amazon Web Services account, it must specify the ARN of the key or the
	// ARN of the key's alias.
	KmsKeyId *string

	noSmithyDocumentSerde
}

// Provides information about the S3 bucket that a finding applies to.
type S3Bucket struct {

	// Specifies whether the bucket policy for the bucket requires server-side
	// encryption of objects when objects are added to the bucket. Possible values are:
	//
	//   - FALSE - The bucket policy requires server-side encryption of new objects.
	//   PutObject requests must include a valid server-side encryption header.
	//   - TRUE - The bucket doesn't have a bucket policy or it has a bucket policy
	//   that doesn't require server-side encryption of new objects. If a bucket policy
	//   exists, it doesn't require PutObject requests to include a valid server-side
	//   encryption header.
	//   - UNKNOWN - Amazon Macie can't determine whether the bucket policy requires
	//   server-side encryption of new objects.
	// Valid server-side encryption headers are: x-amz-server-side-encryption with a
	// value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm
	// with a value of AES256.
	AllowsUnencryptedObjectUploads AllowsUnencryptedObjectUploads

	// The Amazon Resource Name (ARN) of the bucket.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the bucket was
	// created. This value can also indicate when changes such as edits to the bucket's
	// policy were most recently made to the bucket, relative to when the finding was
	// created or last updated.
	CreatedAt *time.Time

	// The default server-side encryption settings for the bucket.
	DefaultServerSideEncryption *ServerSideEncryption

	// The name of the bucket.
	Name *string

	// The display name and canonical user ID for the Amazon Web Services account that
	// owns the bucket.
	Owner *S3BucketOwner

	// The permissions settings that determine whether the bucket is publicly
	// accessible.
	PublicAccess *BucketPublicAccess

	// The tags that are associated with the bucket.
	Tags []KeyValuePair

	noSmithyDocumentSerde
}

// Specifies property- and tag-based conditions that define criteria for including
// or excluding S3 buckets from a classification job. Exclude conditions take
// precedence over include conditions.
type S3BucketCriteriaForJob struct {

	// The property- and tag-based conditions that determine which buckets to exclude
	// from the job.
	Excludes *CriteriaBlockForJob

	// The property- and tag-based conditions that determine which buckets to include
	// in the job.
	Includes *CriteriaBlockForJob

	noSmithyDocumentSerde
}

// Specifies an Amazon Web Services account that owns S3 buckets for a
// classification job to analyze, and one or more specific buckets to analyze for
// that account.
type S3BucketDefinitionForJob struct {

	// The unique identifier for the Amazon Web Services account that owns the buckets.
	//
	// This member is required.
	AccountId *string

	// An array that lists the names of the buckets.
	//
	// This member is required.
	Buckets []string

	noSmithyDocumentSerde
}

// Provides information about the Amazon Web Services account that owns an S3
// bucket.
type S3BucketOwner struct {

	// The display name of the account that owns the bucket.
	DisplayName *string

	// The canonical user ID for the account that owns the bucket.
	Id *string

	noSmithyDocumentSerde
}

// Specifies the S3 buckets that are excluded from automated sensitive data
// discovery for an Amazon Macie account.
type S3ClassificationScope struct {

	// The S3 buckets that are excluded.
	//
	// This member is required.
	Excludes *S3ClassificationScopeExclusion

	noSmithyDocumentSerde
}

// Specifies the names of the S3 buckets that are excluded from automated
// sensitive data discovery.
type S3ClassificationScopeExclusion struct {

	// An array of strings, one for each S3 bucket that is excluded. Each string is
	// the full name of an excluded bucket.
	//
	// This member is required.
	BucketNames []string

	noSmithyDocumentSerde
}

// Specifies S3 buckets to add or remove from the exclusion list defined by the
// classification scope for an Amazon Macie account.
type S3ClassificationScopeExclusionUpdate struct {

	// Depending on the value specified for the update operation
	// (ClassificationScopeUpdateOperation), an array of strings that: lists the names
	// of buckets to add or remove from the list, or specifies a new set of bucket
	// names that overwrites all existing names in the list. Each string must be the
	// full name of an S3 bucket. Values are case sensitive.
	//
	// This member is required.
	BucketNames []string

	// Specifies how to apply the changes to the exclusion list. Valid values are:
	//   - ADD - Append the specified bucket names to the current list.
	//   - REMOVE - Remove the specified bucket names from the current list.
	//   - REPLACE - Overwrite the current list with the specified list of bucket
	//   names. If you specify this value, Amazon Macie removes all existing names from
	//   the list and adds all the specified names to the list.
	//
	// This member is required.
	Operation ClassificationScopeUpdateOperation

	noSmithyDocumentSerde
}

// Specifies changes to the list of S3 buckets that are excluded from automated
// sensitive data discovery for an Amazon Macie account.
type S3ClassificationScopeUpdate struct {

	// The names of the S3 buckets to add or remove from the list.
	//
	// This member is required.
	Excludes *S3ClassificationScopeExclusionUpdate

	noSmithyDocumentSerde
}

// Specifies an S3 bucket to store data classification results in, and the
// encryption settings to use when storing results in that bucket.
type S3Destination struct {

	// The name of the bucket.
	//
	// This member is required.
	BucketName *string

	// The Amazon Resource Name (ARN) of the customer managed KMS key to use for
	// encryption of the results. This must be the ARN of an existing, symmetric
	// encryption KMS key that's enabled in the same Amazon Web Services Region as the
	// bucket.
	//
	// This member is required.
	KmsKeyArn *string

	// The path prefix to use in the path to the location in the bucket. This prefix
	// specifies where to store classification results in the bucket.
	KeyPrefix *string

	noSmithyDocumentSerde
}

// Specifies which S3 buckets contain the objects that a classification job
// analyzes, and the scope of that analysis. The bucket specification can be static
// (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job
// analyzes objects in the same predefined set of buckets each time the job runs.
// If it's dynamic, the job analyzes objects in any buckets that match the
// specified criteria each time the job starts to run.
type S3JobDefinition struct {

	// The property- and tag-based conditions that determine which S3 buckets to
	// include or exclude from the analysis. Each time the job runs, the job uses these
	// criteria to determine which buckets contain objects to analyze. A job's
	// definition can contain a bucketCriteria object or a bucketDefinitions array, not
	// both.
	BucketCriteria *S3BucketCriteriaForJob

	// An array of objects, one for each Amazon Web Services account that owns
	// specific S3 buckets to analyze. Each object specifies the account ID for an
	// account and one or more buckets to analyze for that account. A job's definition
	// can contain a bucketDefinitions array or a bucketCriteria object, not both.
	BucketDefinitions []S3BucketDefinitionForJob

	// The property- and tag-based conditions that determine which S3 objects to
	// include or exclude from the analysis. Each time the job runs, the job uses these
	// criteria to determine which objects to analyze.
	Scoping *Scoping

	noSmithyDocumentSerde
}

// Provides information about the S3 object that a finding applies to.
type S3Object struct {

	// The Amazon Resource Name (ARN) of the bucket that contains the object.
	BucketArn *string

	// The entity tag (ETag) that identifies the affected version of the object. If
	// the object was overwritten or changed after Amazon Macie produced the finding,
	// this value might be different from the current ETag for the object.
	ETag *string

	// The file name extension of the object. If the object doesn't have a file name
	// extension, this value is "".
	Extension *string

	// The full name (key) of the object, including the object's prefix if applicable.
	Key *string

	// The date and time, in UTC and extended ISO 8601 format, when the object was
	// last modified.
	LastModified *time.Time

	// The full path to the affected object, including the name of the affected bucket
	// and the object's name (key).
	Path *string

	// Specifies whether the object is publicly accessible due to the combination of
	// permissions settings that apply to the object.
	PublicAccess *bool

	// The type of server-side encryption that was used to encrypt the object.
	ServerSideEncryption *ServerSideEncryption

	// The total storage size, in bytes, of the object.
	Size *int64

	// The storage class of the object.
	StorageClass StorageClass

	// The tags that are associated with the object.
	Tags []KeyValuePair

	// The identifier for the affected version of the object.
	VersionId *string

	noSmithyDocumentSerde
}

// Provides information about an S3 object that lists specific text to ignore.
type S3WordsList struct {

	// The full name of the S3 bucket that contains the object.
	//
	// This member is required.
	BucketName *string

	// The full name (key) of the object.
	//
	// This member is required.
	ObjectKey *string

	noSmithyDocumentSerde
}

// Specifies one or more property- and tag-based conditions that define criteria
// for including or excluding S3 objects from a classification job. Exclude
// conditions take precedence over include conditions.
type Scoping struct {

	// The property- and tag-based conditions that determine which objects to exclude
	// from the analysis.
	Excludes *JobScopingBlock

	// The property- and tag-based conditions that determine which objects to include
	// in the analysis.
	Includes *JobScopingBlock

	noSmithyDocumentSerde
}

// Specifies property- and tag-based conditions that define filter criteria for
// including or excluding S3 buckets from the query results. Exclude conditions
// take precedence over include conditions.
type SearchResourcesBucketCriteria struct {

	// The property- and tag-based conditions that determine which buckets to exclude
	// from the results.
	Excludes *SearchResourcesCriteriaBlock

	// The property- and tag-based conditions that determine which buckets to include
	// in the results.
	Includes *SearchResourcesCriteriaBlock

	noSmithyDocumentSerde
}

// Specifies a property- or tag-based filter condition for including or excluding
// Amazon Web Services resources from the query results.
type SearchResourcesCriteria struct {

	// A property-based condition that defines a property, operator, and one or more
	// values for including or excluding resources from the results.
	SimpleCriterion *SearchResourcesSimpleCriterion

	// A tag-based condition that defines an operator and tag keys, tag values, or tag
	// key and value pairs for including or excluding resources from the results.
	TagCriterion *SearchResourcesTagCriterion

	noSmithyDocumentSerde
}

// Specifies property- and tag-based conditions that define filter criteria for
// including or excluding Amazon Web Services resources from the query results.
type SearchResourcesCriteriaBlock struct {

	// An array of objects, one for each property- or tag-based condition that
	// includes or excludes resources from the query results. If you specify more than
	// one condition, Amazon Macie uses AND logic to join the conditions.
	And []SearchResourcesCriteria

	noSmithyDocumentSerde
}

// Specifies a property-based filter condition that determines which Amazon Web
// Services resources are included or excluded from the query results.
type SearchResourcesSimpleCriterion struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator SearchResourcesComparator

	// The property to use in the condition.
	Key SearchResourcesSimpleCriterionKey

	// An array that lists one or more values to use in the condition. If you specify
	// multiple values, Amazon Macie uses OR logic to join the values. Valid values for
	// each supported property (key) are:
	//   - ACCOUNT_ID - A string that represents the unique identifier for the Amazon
	//   Web Services account that owns the resource.
	//   - S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated
	//   value that Macie defines for the BucketPublicAccess.effectivePermission (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission)
	//   property of an S3 bucket.
	//   - S3_BUCKET_NAME - A string that represents the name of an S3 bucket.
	//   - S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that
	//   Macie defines for the BucketMetadata.sharedAccess (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess)
	//   property of an S3 bucket.
	// Values are case sensitive. Also, Macie doesn't support use of partial values or
	// wildcard characters in values.
	Values []string

	noSmithyDocumentSerde
}

// Specifies criteria for sorting the results of a query for information about
// Amazon Web Services resources that Amazon Macie monitors and analyzes.
type SearchResourcesSortCriteria struct {

	// The property to sort the results by.
	AttributeName SearchResourcesSortAttributeName

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Specifies a tag-based filter condition that determines which Amazon Web
// Services resources are included or excluded from the query results.
type SearchResourcesTagCriterion struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator SearchResourcesComparator

	// The tag keys, tag values, or tag key and value pairs to use in the condition.
	TagValues []SearchResourcesTagCriterionPair

	noSmithyDocumentSerde
}

// Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in
// a tag-based filter condition for a query. Tag keys and values are case
// sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard
// characters in tag-based filter conditions.
type SearchResourcesTagCriterionPair struct {

	// The value for the tag key to use in the condition.
	Key *string

	// The tag value to use in the condition.
	Value *string

	noSmithyDocumentSerde
}

// Specifies configuration settings that determine which findings are published to
// Security Hub automatically. For information about how Macie publishes findings
// to Security Hub, see Amazon Macie integration with Security Hub (https://docs.aws.amazon.com/macie/latest/user/securityhub-integration.html)
// in the Amazon Macie User Guide.
type SecurityHubConfiguration struct {

	// Specifies whether to publish sensitive data findings to Security Hub. If you
	// set this value to true, Amazon Macie automatically publishes all sensitive data
	// findings that weren't suppressed by a findings filter. The default value is
	// false.
	//
	// This member is required.
	PublishClassificationFindings *bool

	// Specifies whether to publish policy findings to Security Hub. If you set this
	// value to true, Amazon Macie automatically publishes all new and updated policy
	// findings that weren't suppressed by a findings filter. The default value is
	// true.
	//
	// This member is required.
	PublishPolicyFindings *bool

	noSmithyDocumentSerde
}

// Provides information about the category, types, and occurrences of sensitive
// data that produced a sensitive data finding.
type SensitiveDataItem struct {

	// The category of sensitive data that was detected. For example: CREDENTIALS, for
	// credentials data such as private keys or Amazon Web Services secret access keys;
	// FINANCIAL_INFORMATION, for financial data such as credit card numbers; or,
	// PERSONAL_INFORMATION, for personal health information, such as health insurance
	// identification numbers, or personally identifiable information, such as passport
	// numbers.
	Category SensitiveDataItemCategory

	// An array of objects, one for each type of sensitive data that was detected.
	// Each object reports the number of occurrences of a specific type of sensitive
	// data that was detected, and the location of up to 15 of those occurrences.
	Detections []DefaultDetection

	// The total number of occurrences of the sensitive data that was detected.
	TotalCount *int64

	noSmithyDocumentSerde
}

// Provides aggregated statistical data for sensitive data discovery metrics that
// apply to S3 buckets. Each field contains aggregated data for all the buckets
// that have a sensitivity score (sensitivityScore) of a specified value or within
// a specified range (BucketStatisticsBySensitivity). If automated sensitive data
// discovery is currently disabled for your account, the value for each field is 0.
type SensitivityAggregations struct {

	// The total storage size, in bytes, of all the objects that Amazon Macie can
	// analyze in the buckets. These objects use a supported storage class and have a
	// file name extension for a supported file or storage format. If versioning is
	// enabled for any of the buckets, this value is based on the size of the latest
	// version of each applicable object in the buckets. This value doesn't reflect the
	// storage size of all versions of all applicable objects in the buckets.
	ClassifiableSizeInBytes *int64

	// The total number of buckets that are publicly accessible due to a combination
	// of permissions settings for each bucket.
	PubliclyAccessibleCount *int64

	// The total number of buckets.
	TotalCount *int64

	// The total storage size, in bytes, of the buckets. If versioning is enabled for
	// any of the buckets, this value is based on the size of the latest version of
	// each object in the buckets. This value doesn't reflect the storage size of all
	// versions of the objects in the buckets.
	TotalSizeInBytes *int64

	noSmithyDocumentSerde
}

// Specifies managed data identifiers to exclude (not use) when performing
// automated sensitive data discovery for an Amazon Macie account. For information
// about the managed data identifiers that Amazon Macie currently provides, see
// Using managed data identifiers (https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html)
// in the Amazon Macie User Guide.
type SensitivityInspectionTemplateExcludes struct {

	// An array of unique identifiers, one for each managed data identifier to
	// exclude. To retrieve a list of valid values, use the ListManagedDataIdentifiers
	// operation.
	ManagedDataIdentifierIds []string

	noSmithyDocumentSerde
}

// Specifies the allow lists, custom data identifiers, and managed data
// identifiers to include (use) when performing automated sensitive data discovery
// for an Amazon Macie account. The configuration must specify at least one custom
// data identifier or managed data identifier. For information about the managed
// data identifiers that Amazon Macie currently provides, see Using managed data
// identifiers (https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html)
// in the Amazon Macie User Guide.
type SensitivityInspectionTemplateIncludes struct {

	// An array of unique identifiers, one for each allow list to include.
	AllowListIds []string

	// An array of unique identifiers, one for each custom data identifier to include.
	CustomDataIdentifierIds []string

	// An array of unique identifiers, one for each managed data identifier to
	// include. Amazon Macie uses these managed data identifiers in addition to managed
	// data identifiers that are subsequently released and recommended for automated
	// sensitive data discovery. To retrieve a list of valid values for the managed
	// data identifiers that are currently available, use the
	// ListManagedDataIdentifiers operation.
	ManagedDataIdentifierIds []string

	noSmithyDocumentSerde
}

// Provides information about the sensitivity inspection template for an Amazon
// Macie account. Macie uses the template's settings when it performs automated
// sensitive data discovery for the account.
type SensitivityInspectionTemplatesEntry struct {

	// The unique identifier for the sensitivity inspection template.
	Id *string

	// The name of the sensitivity inspection template:
	// automated-sensitive-data-discovery.
	Name *string

	noSmithyDocumentSerde
}

// Provides information about the default server-side encryption settings for an
// S3 bucket or the encryption settings for an S3 object.
type ServerSideEncryption struct {

	// The server-side encryption algorithm that's used when storing data in the
	// bucket or object. If default encryption settings aren't configured for the
	// bucket or the object isn't encrypted using server-side encryption, this value is
	// NONE.
	EncryptionType EncryptionType

	// The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key
	// that's used to encrypt data in the bucket or the object. This value is null if
	// an KMS key isn't used to encrypt the data.
	KmsMasterKeyId *string

	noSmithyDocumentSerde
}

// Specifies a current quota for an Amazon Macie account.
type ServiceLimit struct {

	// Specifies whether the account has met the quota that corresponds to the metric
	// specified by the UsageByAccount.type field in the response.
	IsServiceLimited *bool

	// The unit of measurement for the value specified by the value field.
	Unit Unit

	// The value for the metric specified by the UsageByAccount.type field in the
	// response.
	Value *int64

	noSmithyDocumentSerde
}

// Provides information about a session that was created for an entity that
// performed an action by using temporary security credentials.
type SessionContext struct {

	// The date and time when the credentials were issued, and whether the credentials
	// were authenticated with a multi-factor authentication (MFA) device.
	Attributes *SessionContextAttributes

	// The source and type of credentials that were issued to the entity.
	SessionIssuer *SessionIssuer

	noSmithyDocumentSerde
}

// Provides information about the context in which temporary security credentials
// were issued to an entity.
type SessionContextAttributes struct {

	// The date and time, in UTC and ISO 8601 format, when the credentials were issued.
	CreationDate *time.Time

	// Specifies whether the credentials were authenticated with a multi-factor
	// authentication (MFA) device.
	MfaAuthenticated *bool

	noSmithyDocumentSerde
}

// Provides information about the source and type of temporary security
// credentials that were issued to an entity.
type SessionIssuer struct {

	// The unique identifier for the Amazon Web Services account that owns the entity
	// that was used to get the credentials.
	AccountId *string

	// The Amazon Resource Name (ARN) of the source account, Identity and Access
	// Management (IAM) user, or role that was used to get the credentials.
	Arn *string

	// The unique identifier for the entity that was used to get the credentials.
	PrincipalId *string

	// The source of the temporary security credentials, such as Root, IAMUser, or
	// Role.
	Type *string

	// The name or alias of the user or role that issued the session. This value is
	// null if the credentials were obtained from a root account that doesn't have an
	// alias.
	UserName *string

	noSmithyDocumentSerde
}

// Provides the numerical and qualitative representations of a finding's severity.
type Severity struct {

	// The qualitative representation of the finding's severity, ranging from Low
	// (least severe) to High (most severe).
	Description SeverityDescription

	// The numerical representation of the finding's severity, ranging from 1 (least
	// severe) to 3 (most severe).
	Score *int64

	noSmithyDocumentSerde
}

// Specifies a severity level for findings that a custom data identifier produces.
// A severity level determines which severity is assigned to the findings, based on
// the number of occurrences of text that match the custom data identifier's
// detection criteria.
type SeverityLevel struct {

	// The minimum number of occurrences of text that must match the custom data
	// identifier's detection criteria in order to produce a finding with the specified
	// severity (severity).
	//
	// This member is required.
	OccurrencesThreshold *int64

	// The severity to assign to a finding: if the number of occurrences is greater
	// than or equal to the specified threshold (occurrencesThreshold); and, if
	// applicable, the number of occurrences is less than the threshold for the next
	// consecutive severity level for the custom data identifier, moving from LOW to
	// HIGH.
	//
	// This member is required.
	Severity DataIdentifierSeverity

	noSmithyDocumentSerde
}

// Specifies a property-based condition that determines whether an S3 bucket is
// included or excluded from a classification job.
type SimpleCriterionForJob struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator JobComparator

	// The property to use in the condition.
	Key SimpleCriterionKeyForJob

	// An array that lists one or more values to use in the condition. If you specify
	// multiple values, Amazon Macie uses OR logic to join the values. Valid values for
	// each supported property (key) are:
	//   - ACCOUNT_ID - A string that represents the unique identifier for the Amazon
	//   Web Services account that owns the bucket.
	//   - S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated
	//   value that Macie defines for the BucketPublicAccess.effectivePermission (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission)
	//   property of a bucket.
	//   - S3_BUCKET_NAME - A string that represents the name of a bucket.
	//   - S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that
	//   Macie defines for the BucketMetadata.sharedAccess (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess)
	//   property of a bucket.
	// Values are case sensitive. Also, Macie doesn't support use of partial values or
	// wildcard characters in these values.
	Values []string

	noSmithyDocumentSerde
}

// Specifies a property-based condition that determines whether an S3 object is
// included or excluded from a classification job.
type SimpleScopeTerm struct {

	// The operator to use in the condition. Valid values for each supported property
	// (key) are:
	//   - OBJECT_EXTENSION - EQ (equals) or NE (not equals)
	//   - OBJECT_KEY - STARTS_WITH
	//   - OBJECT_LAST_MODIFIED_DATE - EQ (equals), GT (greater than), GTE (greater
	//   than or equals), LT (less than), LTE (less than or equals), or NE (not equals)
	//   - OBJECT_SIZE - EQ (equals), GT (greater than), GTE (greater than or equals),
	//   LT (less than), LTE (less than or equals), or NE (not equals)
	Comparator JobComparator

	// The object property to use in the condition.
	Key ScopeFilterKey

	// An array that lists the values to use in the condition. If the value for the
	// key property is OBJECT_EXTENSION or OBJECT_KEY, this array can specify multiple
	// values and Amazon Macie uses OR logic to join the values. Otherwise, this array
	// can specify only one value. Valid values for each supported property (key) are:
	//   - OBJECT_EXTENSION - A string that represents the file name extension of an
	//   object. For example: docx or pdf
	//   - OBJECT_KEY - A string that represents the key prefix (folder name or path)
	//   of an object. For example: logs or awslogs/eventlogs. This value applies a
	//   condition to objects whose keys (names) begin with the specified value.
	//   - OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601
	//   format) when an object was created or last changed, whichever is latest. For
	//   example: 2023-09-24T14:31:13Z
	//   - OBJECT_SIZE - An integer that represents the storage size (in bytes) of an
	//   object.
	// Macie doesn't support use of wildcard characters in these values. Also, string
	// values are case sensitive.
	Values []string

	noSmithyDocumentSerde
}

// Specifies criteria for sorting the results of a request for findings.
type SortCriteria struct {

	// The name of the property to sort the results by. Valid values are: count,
	// createdAt, policyDetails.action.apiCallDetails.firstSeen,
	// policyDetails.action.apiCallDetails.lastSeen, resourcesAffected, severity.score,
	// type, and updatedAt.
	AttributeName *string

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Provides processing statistics for a classification job.
type Statistics struct {

	// The approximate number of objects that the job has yet to process during its
	// current run.
	ApproximateNumberOfObjectsToProcess *float64

	// The number of times that the job has run.
	NumberOfRuns *float64

	noSmithyDocumentSerde
}

// Specifies a custom data identifier or managed data identifier that detected a
// type of sensitive data to start excluding or including in an S3 bucket's
// sensitivity score.
type SuppressDataIdentifier struct {

	// The unique identifier for the custom data identifier or managed data identifier
	// that detected the type of sensitive data to exclude or include in the score.
	Id *string

	// The type of data identifier that detected the sensitive data. Possible values
	// are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data
	// identifier.
	Type DataIdentifierType

	noSmithyDocumentSerde
}

// Specifies a tag-based condition that determines whether an S3 bucket is
// included or excluded from a classification job.
type TagCriterionForJob struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator JobComparator

	// The tag keys, tag values, or tag key and value pairs to use in the condition.
	TagValues []TagCriterionPairForJob

	noSmithyDocumentSerde
}

// Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in
// a tag-based condition that determines whether an S3 bucket is included or
// excluded from a classification job. Tag keys and values are case sensitive.
// Also, Amazon Macie doesn't support use of partial values or wildcard characters
// in tag-based conditions.
type TagCriterionPairForJob struct {

	// The value for the tag key to use in the condition.
	Key *string

	// The tag value to use in the condition.
	Value *string

	noSmithyDocumentSerde
}

// Specifies a tag-based condition that determines whether an S3 object is
// included or excluded from a classification job.
type TagScopeTerm struct {

	// The operator to use in the condition. Valid values are EQ (equals) or NE (not
	// equals).
	Comparator JobComparator

	// The object property to use in the condition. The only valid value is TAG.
	Key *string

	// The tag keys or tag key and value pairs to use in the condition. To specify
	// only tag keys in a condition, specify the keys in this array and set the value
	// for each associated tag value to an empty string.
	TagValues []TagValuePair

	// The type of object to apply the condition to.
	Target TagTarget

	noSmithyDocumentSerde
}

// Specifies a tag key or tag key and value pair to use in a tag-based condition
// that determines whether an S3 object is included or excluded from a
// classification job. Tag keys and values are case sensitive. Also, Amazon Macie
// doesn't support use of partial values or wildcard characters in tag-based
// conditions.
type TagValuePair struct {

	// The value for the tag key to use in the condition.
	Key *string

	// The tag value, associated with the specified tag key (key), to use in the
	// condition. To specify only a tag key for a condition, specify the tag key for
	// the key property and set this value to an empty string.
	Value *string

	noSmithyDocumentSerde
}

// Provides information about an account-related request that hasn't been
// processed.
type UnprocessedAccount struct {

	// The Amazon Web Services account ID for the account that the request applies to.
	AccountId *string

	// The source of the issue or delay in processing the request.
	ErrorCode ErrorCode

	// The reason why the request hasn't been processed.
	ErrorMessage *string

	noSmithyDocumentSerde
}

// Specifies the access method and settings to use when retrieving occurrences of
// sensitive data reported by findings. If your request specifies an Identity and
// Access Management (IAM) role to assume when retrieving the sensitive data,
// Amazon Macie verifies that the role exists and the attached policies are
// configured correctly. If there's an issue, Macie returns an error. For
// information about addressing the issue, see Retrieving sensitive data samples
// with findings (https://docs.aws.amazon.com/macie/latest/user/findings-retrieve-sd.html)
// in the Amazon Macie User Guide.
type UpdateRetrievalConfiguration struct {

	// The access method to use when retrieving sensitive data from affected S3
	// objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the
	// affected Amazon Web Services account and delegates access to Amazon Macie; and,
	// CALLER_CREDENTIALS, use the credentials of the IAM user who requests the
	// sensitive data. If you specify ASSUME_ROLE, also specify the name of an existing
	// IAM role for Macie to assume (roleName). If you change this value from
	// ASSUME_ROLE to CALLER_CREDENTIALS for an existing configuration, Macie
	// permanently deletes the external ID and role name currently specified for the
	// configuration. These settings can't be recovered after they're deleted.
	//
	// This member is required.
	RetrievalMode RetrievalMode

	// The name of the IAM role that is in the affected Amazon Web Services account
	// and Amazon Macie is allowed to assume when retrieving sensitive data from
	// affected S3 objects for the account. The trust and permissions policies for the
	// role must meet all requirements for Macie to assume the role.
	RoleName *string

	noSmithyDocumentSerde
}

// Provides data for a specific usage metric and the corresponding quota for an
// Amazon Macie account.
type UsageByAccount struct {

	// The type of currency that the value for the metric (estimatedCost) is reported
	// in.
	Currency Currency

	// The estimated value for the metric.
	EstimatedCost *string

	// The current value for the quota that corresponds to the metric specified by the
	// type field.
	ServiceLimit *ServiceLimit

	// The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to
	// monitor S3 objects for automated sensitive data discovery;
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated
	// sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and,
	// SENSITIVE_DATA_DISCOVERY, to run classification jobs.
	Type UsageType

	noSmithyDocumentSerde
}

// Provides quota and aggregated usage data for an Amazon Macie account.
type UsageRecord struct {

	// The unique identifier for the Amazon Web Services account that the data applies
	// to.
	AccountId *string

	// The date and time, in UTC and extended ISO 8601 format, when the free trial of
	// automated sensitive data discovery started for the account. If the account is a
	// member account in an organization, this value is the same as the value for the
	// organization's Amazon Macie administrator account.
	AutomatedDiscoveryFreeTrialStartDate *time.Time

	// The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie
	// free trial started for the account.
	FreeTrialStartDate *time.Time

	// An array of objects that contains usage data and quotas for the account. Each
	// object contains the data for a specific usage metric and the corresponding
	// quota.
	Usage []UsageByAccount

	noSmithyDocumentSerde
}

// Specifies a condition for filtering the results of a query for quota and usage
// data for one or more Amazon Macie accounts.
type UsageStatisticsFilter struct {

	// The operator to use in the condition. If the value for the key property is
	// accountId, this value must be CONTAINS. If the value for the key property is any
	// other supported field, this value can be EQ, GT, GTE, LT, LTE, or NE.
	Comparator UsageStatisticsFilterComparator

	// The field to use in the condition.
	Key UsageStatisticsFilterKey

	// An array that lists values to use in the condition, based on the value for the
	// field specified by the key property. If the value for the key property is
	// accountId, this array can specify multiple values. Otherwise, this array can
	// specify only one value. Valid values for each supported field are:
	//   - accountId - The unique identifier for an Amazon Web Services account.
	//   - freeTrialStartDate - The date and time, in UTC and extended ISO 8601
	//   format, when the Amazon Macie free trial started for an account.
	//   - serviceLimit - A Boolean (true or false) value that indicates whether an
	//   account has reached its monthly quota.
	//   - total - A string that represents the current estimated cost for an account.
	Values []string

	noSmithyDocumentSerde
}

// Specifies criteria for sorting the results of a query for Amazon Macie account
// quotas and usage data.
type UsageStatisticsSortBy struct {

	// The field to sort the results by.
	Key UsageStatisticsSortKey

	// The sort order to apply to the results, based on the value for the field
	// specified by the key property. Valid values are: ASC, sort the results in
	// ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Provides aggregated data for an Amazon Macie usage metric. The value for the
// metric reports estimated usage data for an account for the preceding 30 days or
// the current calendar month to date, depending on the time period (timeRange)
// specified in the request.
type UsageTotal struct {

	// The type of currency that the value for the metric (estimatedCost) is reported
	// in.
	Currency Currency

	// The estimated value for the metric.
	EstimatedCost *string

	// The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to
	// monitor S3 objects for automated sensitive data discovery;
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated
	// sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and,
	// SENSITIVE_DATA_DISCOVERY, to run classification jobs.
	Type UsageType

	noSmithyDocumentSerde
}

// Provides information about the type and other characteristics of an entity that
// performed an action on an affected resource.
type UserIdentity struct {

	// If the action was performed with temporary security credentials that were
	// obtained using the AssumeRole operation of the Security Token Service (STS) API,
	// the identifiers, session context, and other details about the identity.
	AssumedRole *AssumedRole

	// If the action was performed using the credentials for another Amazon Web
	// Services account, the details of that account.
	AwsAccount *AwsAccount

	// If the action was performed by an Amazon Web Services account that belongs to
	// an Amazon Web Service, the name of the service.
	AwsService *AwsService

	// If the action was performed with temporary security credentials that were
	// obtained using the GetFederationToken operation of the Security Token Service
	// (STS) API, the identifiers, session context, and other details about the
	// identity.
	FederatedUser *FederatedUser

	// If the action was performed using the credentials for an Identity and Access
	// Management (IAM) user, the name and other details about the user.
	IamUser *IamUser

	// If the action was performed using the credentials for your Amazon Web Services
	// account, the details of your account.
	Root *UserIdentityRoot

	// The type of entity that performed the action.
	Type UserIdentityType

	noSmithyDocumentSerde
}

// Provides information about an Amazon Web Services account and entity that
// performed an action on an affected resource. The action was performed using the
// credentials for your Amazon Web Services account.
type UserIdentityRoot struct {

	// The unique identifier for the Amazon Web Services account.
	AccountId *string

	// The Amazon Resource Name (ARN) of the principal that performed the action. The
	// last section of the ARN contains the name of the user or role that performed the
	// action.
	Arn *string

	// The unique identifier for the entity that performed the action.
	PrincipalId *string

	noSmithyDocumentSerde
}

// Provides information about when a classification job was paused. For a one-time
// job, this object also specifies when the job will expire and be cancelled if it
// isn't resumed. For a recurring job, this object also specifies when the paused
// job run will expire and be cancelled if it isn't resumed. This object is present
// only if a job's current status (jobStatus) is USER_PAUSED. The information in
// this object applies only to a job that was paused while it had a status of
// RUNNING.
type UserPausedDetails struct {

	// The date and time, in UTC and extended ISO 8601 format, when the job or job run
	// will expire and be cancelled if you don't resume it first.
	JobExpiresAt *time.Time

	// The Amazon Resource Name (ARN) of the Health event that Amazon Macie sent to
	// notify you of the job or job run's pending expiration and cancellation. This
	// value is null if a job has been paused for less than 23 days.
	JobImminentExpirationHealthEventArn *string

	// The date and time, in UTC and extended ISO 8601 format, when you paused the job.
	JobPausedAt *time.Time

	noSmithyDocumentSerde
}

// Specifies a weekly recurrence pattern for running a classification job.
type WeeklySchedule struct {

	// The day of the week when Amazon Macie runs the job.
	DayOfWeek DayOfWeek

	noSmithyDocumentSerde
}

type noSmithyDocumentSerde = smithydocument.NoSerde