aws
diff --git a/Diff for: ‎clients/client-accessanalyzer/AccessAnalyzer.ts
+392-8 b/Diff for: ‎clients/client-accessanalyzer/AccessAnalyzer.ts
+392-8
diff --git a/Diff for: ‎clients/client-accessanalyzer/AccessAnalyzerClient.ts
+53-6 b/Diff for: ‎clients/client-accessanalyzer/AccessAnalyzerClient.ts
+53-6
diff --git a/Diff for: ‎clients/client-accessanalyzer/README.md
+13-11 b/Diff for: ‎clients/client-accessanalyzer/README.md
+13-11
diff --git a/Diff for: ‎clients/client-accessanalyzer/commands/ApplyArchiveRuleCommand.ts
+81 b/Diff for: ‎clients/client-accessanalyzer/commands/ApplyArchiveRuleCommand.ts
+81
diff --git a/Diff for: ‎clients/client-accessanalyzer/commands/CancelPolicyGenerationCommand.ts
+80 b/Diff for: ‎clients/client-accessanalyzer/commands/CancelPolicyGenerationCommand.ts
+80
@@ -1,30 +1,55 @@
+import { ApplyArchiveRuleCommandInput, ApplyArchiveRuleCommandOutput } from "./commands/ApplyArchiveRuleCommand";
+import {
+  CancelPolicyGenerationCommandInput,
+  CancelPolicyGenerationCommandOutput,
+} from "./commands/CancelPolicyGenerationCommand";
+import {
+  CreateAccessPreviewCommandInput,
+  CreateAccessPreviewCommandOutput,
+} from "./commands/CreateAccessPreviewCommand";
 import { CreateAnalyzerCommandInput, CreateAnalyzerCommandOutput } from "./commands/CreateAnalyzerCommand";
 import { CreateArchiveRuleCommandInput, CreateArchiveRuleCommandOutput } from "./commands/CreateArchiveRuleCommand";
 import { DeleteAnalyzerCommandInput, DeleteAnalyzerCommandOutput } from "./commands/DeleteAnalyzerCommand";
 import { DeleteArchiveRuleCommandInput, DeleteArchiveRuleCommandOutput } from "./commands/DeleteArchiveRuleCommand";
+import { GetAccessPreviewCommandInput, GetAccessPreviewCommandOutput } from "./commands/GetAccessPreviewCommand";
 import {
   GetAnalyzedResourceCommandInput,
   GetAnalyzedResourceCommandOutput,
 } from "./commands/GetAnalyzedResourceCommand";
 import { GetAnalyzerCommandInput, GetAnalyzerCommandOutput } from "./commands/GetAnalyzerCommand";
 import { GetArchiveRuleCommandInput, GetArchiveRuleCommandOutput } from "./commands/GetArchiveRuleCommand";
 import { GetFindingCommandInput, GetFindingCommandOutput } from "./commands/GetFindingCommand";
+import { GetGeneratedPolicyCommandInput, GetGeneratedPolicyCommandOutput } from "./commands/GetGeneratedPolicyCommand";
+import {
+  ListAccessPreviewFindingsCommandInput,
+  ListAccessPreviewFindingsCommandOutput,
+} from "./commands/ListAccessPreviewFindingsCommand";
+import { ListAccessPreviewsCommandInput, ListAccessPreviewsCommandOutput } from "./commands/ListAccessPreviewsCommand";
 import {
   ListAnalyzedResourcesCommandInput,
   ListAnalyzedResourcesCommandOutput,
 } from "./commands/ListAnalyzedResourcesCommand";
 import { ListAnalyzersCommandInput, ListAnalyzersCommandOutput } from "./commands/ListAnalyzersCommand";
 import { ListArchiveRulesCommandInput, ListArchiveRulesCommandOutput } from "./commands/ListArchiveRulesCommand";
 import { ListFindingsCommandInput, ListFindingsCommandOutput } from "./commands/ListFindingsCommand";
+import {
+  ListPolicyGenerationsCommandInput,
+  ListPolicyGenerationsCommandOutput,
+} from "./commands/ListPolicyGenerationsCommand";
 import {
   ListTagsForResourceCommandInput,
   ListTagsForResourceCommandOutput,
 } from "./commands/ListTagsForResourceCommand";
+import {
+  StartPolicyGenerationCommandInput,
+  StartPolicyGenerationCommandOutput,
+} from "./commands/StartPolicyGenerationCommand";
 import { StartResourceScanCommandInput, StartResourceScanCommandOutput } from "./commands/StartResourceScanCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
 import { UpdateArchiveRuleCommandInput, UpdateArchiveRuleCommandOutput } from "./commands/UpdateArchiveRuleCommand";
 import { UpdateFindingsCommandInput, UpdateFindingsCommandOutput } from "./commands/UpdateFindingsCommand";
+import { ValidatePolicyCommandInput, ValidatePolicyCommandOutput } from "./commands/ValidatePolicyCommand";
 import { ClientDefaultValues as __ClientDefaultValues } from "./runtimeConfig";
 import {
   EndpointsInputConfig,
@@ -77,44 +102,64 @@ import {
 } from "@aws-sdk/types";
 
 export type ServiceInputTypes =
+  | ApplyArchiveRuleCommandInput
+  | CancelPolicyGenerationCommandInput
+  | CreateAccessPreviewCommandInput
   | CreateAnalyzerCommandInput
   | CreateArchiveRuleCommandInput
   | DeleteAnalyzerCommandInput
   | DeleteArchiveRuleCommandInput
+  | GetAccessPreviewCommandInput
   | GetAnalyzedResourceCommandInput
   | GetAnalyzerCommandInput
   | GetArchiveRuleCommandInput
   | GetFindingCommandInput
+  | GetGeneratedPolicyCommandInput
+  | ListAccessPreviewFindingsCommandInput
+  | ListAccessPreviewsCommandInput
   | ListAnalyzedResourcesCommandInput
   | ListAnalyzersCommandInput
   | ListArchiveRulesCommandInput
   | ListFindingsCommandInput
+  | ListPolicyGenerationsCommandInput
   | ListTagsForResourceCommandInput
+  | StartPolicyGenerationCommandInput
   | StartResourceScanCommandInput
   | TagResourceCommandInput
   | UntagResourceCommandInput
   | UpdateArchiveRuleCommandInput
-  | UpdateFindingsCommandInput;
+  | UpdateFindingsCommandInput
+  | ValidatePolicyCommandInput;
 
 export type ServiceOutputTypes =
+  | ApplyArchiveRuleCommandOutput
+  | CancelPolicyGenerationCommandOutput
+  | CreateAccessPreviewCommandOutput
   | CreateAnalyzerCommandOutput
   | CreateArchiveRuleCommandOutput
   | DeleteAnalyzerCommandOutput
   | DeleteArchiveRuleCommandOutput
+  | GetAccessPreviewCommandOutput
   | GetAnalyzedResourceCommandOutput
   | GetAnalyzerCommandOutput
   | GetArchiveRuleCommandOutput
   | GetFindingCommandOutput
+  | GetGeneratedPolicyCommandOutput
+  | ListAccessPreviewFindingsCommandOutput
+  | ListAccessPreviewsCommandOutput
   | ListAnalyzedResourcesCommandOutput
   | ListAnalyzersCommandOutput
   | ListArchiveRulesCommandOutput
   | ListFindingsCommandOutput
+  | ListPolicyGenerationsCommandOutput
   | ListTagsForResourceCommandOutput
+  | StartPolicyGenerationCommandOutput
   | StartResourceScanCommandOutput
   | TagResourceCommandOutput
   | UntagResourceCommandOutput
   | UpdateArchiveRuleCommandOutput
-  | UpdateFindingsCommandOutput;
+  | UpdateFindingsCommandOutput
+  | ValidatePolicyCommandOutput;
 
 export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__HttpHandlerOptions>> {
   /**
@@ -233,10 +278,12 @@ export type AccessAnalyzerClientResolvedConfig = __SmithyResolvedConfiguration<_
 /**
  * <p>AWS IAM Access Analyzer helps identify potential resource-access risks by enabling you to identify
  *          any policies that grant access to an external principal. It does this by using logic-based
- *          reasoning to analyze resource-based policies in your AWS environment. An external principal
- *          can be another AWS account, a root user, an IAM user or role, a federated user, an AWS
- *          service, or an anonymous user. This guide describes the AWS IAM Access Analyzer operations that you can
- *          call programmatically. For general information about Access Analyzer, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">AWS IAM Access Analyzer section of the IAM User Guide</a>.</p>
+ *          reasoning to analyze resource-based policies in your AWS environment. An external
+ *          principal can be another AWS account, a root user, an IAM user or role, a federated
+ *          user, an AWS service, or an anonymous user. You can also use Access Analyzer to preview and
+ *          validate public and cross-account access to your resources before deploying permissions
+ *          changes. This guide describes the AWS IAM Access Analyzer operations that you can call
+ *          programmatically. For general information about Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">AWS IAM Access Analyzer</a> in the <b>IAM User Guide</b>.</p>
  *          <p>To start using Access Analyzer, you first need to create an analyzer.</p>
  */
 export class AccessAnalyzerClient extends __Client<
 
@@ -9,10 +9,12 @@ AWS SDK for JavaScript AccessAnalyzer Client for Node.js, Browser and React Nati
 
 <p>AWS IAM Access Analyzer helps identify potential resource-access risks by enabling you to identify
 any policies that grant access to an external principal. It does this by using logic-based
-reasoning to analyze resource-based policies in your AWS environment. An external principal
-can be another AWS account, a root user, an IAM user or role, a federated user, an AWS
-service, or an anonymous user. This guide describes the AWS IAM Access Analyzer operations that you can
-call programmatically. For general information about Access Analyzer, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">AWS IAM Access Analyzer section of the IAM User Guide</a>.</p>
+reasoning to analyze resource-based policies in your AWS environment. An external
+principal can be another AWS account, a root user, an IAM user or role, a federated
+user, an AWS service, or an anonymous user. You can also use Access Analyzer to preview and
+validate public and cross-account access to your resources before deploying permissions
+changes. This guide describes the AWS IAM Access Analyzer operations that you can call
+programmatically. For general information about Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">AWS IAM Access Analyzer</a> in the <b>IAM User Guide</b>.</p>
 <p>To start using Access Analyzer, you first need to create an analyzer.</p>
 
 ## Installing
@@ -30,16 +32,16 @@ using your favorite package manager:
 
 The AWS SDK is modulized by clients and commands.
 To send a request, you only need to import the `AccessAnalyzerClient` and
-the commands you need, for example `CreateAnalyzerCommand`:
+the commands you need, for example `ApplyArchiveRuleCommand`:
 
 ```js
 // ES5 example
-const { AccessAnalyzerClient, CreateAnalyzerCommand } = require("@aws-sdk/client-accessanalyzer");
+const { AccessAnalyzerClient, ApplyArchiveRuleCommand } = require("@aws-sdk/client-accessanalyzer");
 ```
 
 ```ts
 // ES6+ example
-import { AccessAnalyzerClient, CreateAnalyzerCommand } from "@aws-sdk/client-accessanalyzer";
+import { AccessAnalyzerClient, ApplyArchiveRuleCommand } from "@aws-sdk/client-accessanalyzer";
 ```
 
 ### Usage
@@ -58,7 +60,7 @@ const client = new AccessAnalyzerClient({ region: "REGION" });
 const params = {
   /** input parameters */
 };
-const command = new CreateAnalyzerCommand(params);
+const command = new ApplyArchiveRuleCommand(params);
 ```
 
 #### Async/await
@@ -137,15 +139,15 @@ const client = new AWS.AccessAnalyzer({ region: "REGION" });
 
 // async/await.
 try {
-  const data = await client.createAnalyzer(params);
+  const data = await client.applyArchiveRule(params);
   // process data.
 } catch (error) {
   // error handling.
 }
 
 // Promises.
 client
-  .createAnalyzer(params)
+  .applyArchiveRule(params)
   .then((data) => {
     // process data.
   })
@@ -154,7 +156,7 @@ client
   });
 
 // callbacks.
-client.createAnalyzer(params, (err, data) => {
+client.applyArchiveRule(params, (err, data) => {
   // proccess err and data.
 });
 ```
 
@@ -0,0 +1,81 @@
+import { AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../AccessAnalyzerClient";
+import { ApplyArchiveRuleRequest } from "../models/models_0";
+import {
+  deserializeAws_restJson1ApplyArchiveRuleCommand,
+  serializeAws_restJson1ApplyArchiveRuleCommand,
+} from "../protocols/Aws_restJson1";
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  MiddlewareStack,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+export type ApplyArchiveRuleCommandInput = ApplyArchiveRuleRequest;
+export type ApplyArchiveRuleCommandOutput = __MetadataBearer;
+
+/**
+ * <p>Retroactively applies the archive rule to existing findings that meet the archive rule
+ *          criteria.</p>
+ */
+export class ApplyArchiveRuleCommand extends $Command<
+  ApplyArchiveRuleCommandInput,
+  ApplyArchiveRuleCommandOutput,
+  AccessAnalyzerClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: ApplyArchiveRuleCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: AccessAnalyzerClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<ApplyArchiveRuleCommandInput, ApplyArchiveRuleCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "AccessAnalyzerClient";
+    const commandName = "ApplyArchiveRuleCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: ApplyArchiveRuleRequest.filterSensitiveLog,
+      outputFilterSensitiveLog: (output: any) => output,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(input: ApplyArchiveRuleCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return serializeAws_restJson1ApplyArchiveRuleCommand(input, context);
+  }
+
+  private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<ApplyArchiveRuleCommandOutput> {
+    return deserializeAws_restJson1ApplyArchiveRuleCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}
@@ -0,0 +1,80 @@
+import { AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../AccessAnalyzerClient";
+import { CancelPolicyGenerationRequest, CancelPolicyGenerationResponse } from "../models/models_0";
+import {
+  deserializeAws_restJson1CancelPolicyGenerationCommand,
+  serializeAws_restJson1CancelPolicyGenerationCommand,
+} from "../protocols/Aws_restJson1";
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  MiddlewareStack,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+export type CancelPolicyGenerationCommandInput = CancelPolicyGenerationRequest;
+export type CancelPolicyGenerationCommandOutput = CancelPolicyGenerationResponse & __MetadataBearer;
+
+/**
+ * <p>Cancels the requested policy generation.</p>
+ */
+export class CancelPolicyGenerationCommand extends $Command<
+  CancelPolicyGenerationCommandInput,
+  CancelPolicyGenerationCommandOutput,
+  AccessAnalyzerClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: CancelPolicyGenerationCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: AccessAnalyzerClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<CancelPolicyGenerationCommandInput, CancelPolicyGenerationCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "AccessAnalyzerClient";
+    const commandName = "CancelPolicyGenerationCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: CancelPolicyGenerationRequest.filterSensitiveLog,
+      outputFilterSensitiveLog: CancelPolicyGenerationResponse.filterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(input: CancelPolicyGenerationCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return serializeAws_restJson1CancelPolicyGenerationCommand(input, context);
+  }
+
+  private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<CancelPolicyGenerationCommandOutput> {
+    return deserializeAws_restJson1CancelPolicyGenerationCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}