Struct Client

pub struct Client { /* private fields */ }

Client for Access Analyzer

Client for invoking operations on Access Analyzer. Each operation on Access Analyzer is a method on this this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.

Constructing a Client

A Config is required to construct a client. For most use cases, the aws-config crate should be used to automatically resolve this config using aws_config::load_from_env(), since this will resolve an SdkConfig which can be shared across multiple different AWS SDK clients. This config resolution process can be customized by calling aws_config::from_env() instead, which returns a ConfigLoader that uses the builder pattern to customize the default config.

In the simplest case, creating a client looks as follows:

let config = aws_config::load_from_env().await;
let client = aws_sdk_accessanalyzer::Client::new(&config);

Occasionally, SDKs may have additional service-specific values that can be set on the Config that is absent from SdkConfig, or slightly different settings for a specific client may be desired. The Builder struct implements From<&SdkConfig>, so setting these specific settings can be done as follows:

let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_accessanalyzer::config::Builder::from(&sdk_config)
    .some_service_specific_setting("value")
    .build();

See the aws-config docs and Config for more information on customizing configuration.

Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.

Using the Client

A client has a function for every operation that can be performed by the service. For example, the ApplyArchiveRule operation has a Client::apply_archive_rule, function which returns a builder for that operation. The fluent builder ultimately has a send() function that returns an async future that returns a result, as illustrated below:

let result = client.apply_archive_rule()
    .analyzer_arn("example")
    .send()
    .await;

The underlying HTTP requests that get made by this can be modified with the customize_operation function on the fluent builder. See the customize module for more information.

Implementations

impl Client

pub fn apply_archive_rule(&self) -> ApplyArchiveRuleFluentBuilder

Constructs a fluent builder for the ApplyArchiveRule operation.

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The Amazon resource name (ARN) of the analyzer.

    
    
  • rule_name(impl Into<String>) / set_rule_name(Option<String>):
    required: true
    

    The name of the rule to apply.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
• On success, responds with ApplyArchiveRuleOutput
• On failure, responds with SdkError<ApplyArchiveRuleError>

impl Client

pub fn cancel_policy_generation(&self) -> CancelPolicyGenerationFluentBuilder

Constructs a fluent builder for the CancelPolicyGeneration operation.

• The fluent builder is configurable:
  • job_id(impl Into<String>) / set_job_id(Option<String>):
    required: true
    

    The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.

    
    
• On success, responds with CancelPolicyGenerationOutput
• On failure, responds with SdkError<CancelPolicyGenerationError>

impl Client

pub fn check_access_not_granted(&self) -> CheckAccessNotGrantedFluentBuilder

Constructs a fluent builder for the CheckAccessNotGranted operation.

• The fluent builder is configurable:
  • policy_document(impl Into<String>) / set_policy_document(Option<String>):
    required: true
    

    The JSON policy document to use as the content for the policy.

    
    
  • access(Access) / set_access(Option<Vec::<Access>>):
    required: true
    

    An access object containing the permissions that shouldn’t be granted by the specified policy. If only actions are specified, IAM Access Analyzer checks for access to peform at least one of the actions on any resource in the policy. If only resources are specified, then IAM Access Analyzer checks for access to perform any action on at least one of the resources. If both actions and resources are specified, IAM Access Analyzer checks for access to perform at least one of the specified actions on at least one of the specified resources.

    
    
  • policy_type(AccessCheckPolicyType) / set_policy_type(Option<AccessCheckPolicyType>):
    required: true
    

    The type of policy. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.

    Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets.

    
    
• On success, responds with CheckAccessNotGrantedOutput with field(s):
  • result(Option<CheckAccessNotGrantedResult>):

    The result of the check for whether the access is allowed. If the result is PASS, the specified policy doesn’t allow any of the specified permissions in the access object. If the result is FAIL, the specified policy might allow some or all of the permissions in the access object.

  • message(Option<String>):

    The message indicating whether the specified access is allowed.

  • reasons(Option<Vec::<ReasonSummary>>):

    A description of the reasoning of the result.

• On failure, responds with SdkError<CheckAccessNotGrantedError>

impl Client

pub fn check_no_new_access(&self) -> CheckNoNewAccessFluentBuilder

Constructs a fluent builder for the CheckNoNewAccess operation.

• The fluent builder is configurable:
  • new_policy_document(impl Into<String>) / set_new_policy_document(Option<String>):
    required: true
    

    The JSON policy document to use as the content for the updated policy.

    
    
  • existing_policy_document(impl Into<String>) / set_existing_policy_document(Option<String>):
    required: true
    

    The JSON policy document to use as the content for the existing policy.

    
    
  • policy_type(AccessCheckPolicyType) / set_policy_type(Option<AccessCheckPolicyType>):
    required: true
    

    The type of policy to compare. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.

    Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.

    
    
• On success, responds with CheckNoNewAccessOutput with field(s):
  • result(Option<CheckNoNewAccessResult>):

    The result of the check for new access. If the result is PASS, no new access is allowed by the updated policy. If the result is FAIL, the updated policy might allow new access.

  • message(Option<String>):

    The message indicating whether the updated policy allows new access.

  • reasons(Option<Vec::<ReasonSummary>>):

    A description of the reasoning of the result.

• On failure, responds with SdkError<CheckNoNewAccessError>

impl Client

pub fn check_no_public_access(&self) -> CheckNoPublicAccessFluentBuilder

Constructs a fluent builder for the CheckNoPublicAccess operation.

• The fluent builder is configurable:
  • policy_document(impl Into<String>) / set_policy_document(Option<String>):
    required: true
    

    The JSON policy document to evaluate for public access.

    
    
  • resource_type(AccessCheckResourceType) / set_resource_type(Option<AccessCheckResourceType>):
    required: true
    

    The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for the resource type.

    For resource types not supported as valid values, IAM Access Analyzer will return an error.

    
    
• On success, responds with CheckNoPublicAccessOutput with field(s):
  • result(Option<CheckNoPublicAccessResult>):

    The result of the check for public access to the specified resource type. If the result is PASS, the policy doesn’t allow public access to the specified resource type. If the result is FAIL, the policy might allow public access to the specified resource type.

  • message(Option<String>):

    The message indicating whether the specified policy allows public access to resources.

  • reasons(Option<Vec::<ReasonSummary>>):

    A list of reasons why the specified resource policy grants public access for the resource type.

• On failure, responds with SdkError<CheckNoPublicAccessError>

impl Client

pub fn create_access_preview(&self) -> CreateAccessPreviewFluentBuilder

Constructs a fluent builder for the CreateAccessPreview operation.

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an Account type and Active status.

    
    
  • configurations(impl Into<String>, Configuration) / set_configurations(Option<HashMap::<String, Configuration>>):
    required: true
    

    Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
• On success, responds with CreateAccessPreviewOutput with field(s):
  • id(String):

    The unique ID for the access preview.

• On failure, responds with SdkError<CreateAccessPreviewError>

impl Client

pub fn create_analyzer(&self) -> CreateAnalyzerFluentBuilder

Constructs a fluent builder for the CreateAnalyzer operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer to create.

    
    
  • r#type(Type) / set_type(Option<Type>):
    required: true
    

    The type of analyzer to create. Only ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, and ORGANIZATION_UNUSED_ACCESS analyzers are supported. You can create only one analyzer per account per Region. You can create up to 5 analyzers per organization per Region.

    
    
  • archive_rules(InlineArchiveRule) / set_archive_rules(Option<Vec::<InlineArchiveRule>>):
    required: false
    

    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.

    
    
  • tags(impl Into<String>, impl Into<String>) / set_tags(Option<HashMap::<String, String>>):
    required: false
    

    An array of key-value pairs to apply to the analyzer. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
  • configuration(AnalyzerConfiguration) / set_configuration(Option<AnalyzerConfiguration>):
    required: false
    

    Specifies the configuration of the analyzer. If the analyzer is an unused access analyzer, the specified scope of unused access is used for the configuration.

    
    
• On success, responds with CreateAnalyzerOutput with field(s):
  • arn(Option<String>):

    The ARN of the analyzer that was created by the request.

• On failure, responds with SdkError<CreateAnalyzerError>

impl Client

pub fn create_archive_rule(&self) -> CreateArchiveRuleFluentBuilder

Constructs a fluent builder for the CreateArchiveRule operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the created analyzer.

    
    
  • rule_name(impl Into<String>) / set_rule_name(Option<String>):
    required: true
    

    The name of the rule to create.

    
    
  • filter(impl Into<String>, Criterion) / set_filter(Option<HashMap::<String, Criterion>>):
    required: true
    

    The criteria for the rule.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
• On success, responds with CreateArchiveRuleOutput
• On failure, responds with SdkError<CreateArchiveRuleError>

impl Client

pub fn delete_analyzer(&self) -> DeleteAnalyzerFluentBuilder

Constructs a fluent builder for the DeleteAnalyzer operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer to delete.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
• On success, responds with DeleteAnalyzerOutput
• On failure, responds with SdkError<DeleteAnalyzerError>

impl Client

pub fn delete_archive_rule(&self) -> DeleteArchiveRuleFluentBuilder

Constructs a fluent builder for the DeleteArchiveRule operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer that associated with the archive rule to delete.

    
    
  • rule_name(impl Into<String>) / set_rule_name(Option<String>):
    required: true
    

    The name of the rule to delete.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
• On success, responds with DeleteArchiveRuleOutput
• On failure, responds with SdkError<DeleteArchiveRuleError>

impl Client

pub fn generate_finding_recommendation( &self, ) -> GenerateFindingRecommendationFluentBuilder

Constructs a fluent builder for the GenerateFindingRecommendation operation.

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer used to generate the finding recommendation.

    
    
  • id(impl Into<String>) / set_id(Option<String>):
    required: true
    

    The unique ID for the finding recommendation.

    
    
• On success, responds with GenerateFindingRecommendationOutput
• On failure, responds with SdkError<GenerateFindingRecommendationError>

impl Client

pub fn get_access_preview(&self) -> GetAccessPreviewFluentBuilder

Constructs a fluent builder for the GetAccessPreview operation.

• The fluent builder is configurable:
  • access_preview_id(impl Into<String>) / set_access_preview_id(Option<String>):
    required: true
    

    The unique ID for the access preview.

    
    
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer used to generate the access preview.

    
    
• On success, responds with GetAccessPreviewOutput with field(s):
  • access_preview(Option<AccessPreview>):

    An object that contains information about the access preview.

• On failure, responds with SdkError<GetAccessPreviewError>

impl Client

pub fn get_analyzed_resource(&self) -> GetAnalyzedResourceFluentBuilder

Constructs a fluent builder for the GetAnalyzedResource operation.

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer to retrieve information from.

    
    
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to retrieve information about.

    
    
• On success, responds with GetAnalyzedResourceOutput with field(s):
  • resource(Option<AnalyzedResource>):

    An AnalyzedResource object that contains information that IAM Access Analyzer found when it analyzed the resource.

• On failure, responds with SdkError<GetAnalyzedResourceError>

impl Client

pub fn get_analyzer(&self) -> GetAnalyzerFluentBuilder

Constructs a fluent builder for the GetAnalyzer operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer retrieved.

    
    
• On success, responds with GetAnalyzerOutput with field(s):
  • analyzer(Option<AnalyzerSummary>):

    An AnalyzerSummary object that contains information about the analyzer.

• On failure, responds with SdkError<GetAnalyzerError>

impl Client

pub fn get_archive_rule(&self) -> GetArchiveRuleFluentBuilder

Constructs a fluent builder for the GetArchiveRule operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer to retrieve rules from.

    
    
  • rule_name(impl Into<String>) / set_rule_name(Option<String>):
    required: true
    

    The name of the rule to retrieve.

    
    
• On success, responds with GetArchiveRuleOutput with field(s):
  • archive_rule(Option<ArchiveRuleSummary>):

    Contains information about an archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

• On failure, responds with SdkError<GetArchiveRuleError>

impl Client

pub fn get_finding(&self) -> GetFindingFluentBuilder

Constructs a fluent builder for the GetFinding operation.

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer that generated the finding.

    
    
  • id(impl Into<String>) / set_id(Option<String>):
    required: true
    

    The ID of the finding to retrieve.

    
    
• On success, responds with GetFindingOutput with field(s):
  • finding(Option<Finding>):

    A finding object that contains finding details.

• On failure, responds with SdkError<GetFindingError>

impl Client

pub fn get_finding_recommendation( &self, ) -> GetFindingRecommendationFluentBuilder

Constructs a fluent builder for the GetFindingRecommendation operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer used to generate the finding recommendation.

    
    
  • id(impl Into<String>) / set_id(Option<String>):
    required: true
    

    The unique ID for the finding recommendation.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
• On success, responds with GetFindingRecommendationOutput with field(s):
  • started_at(DateTime):

    The time at which the retrieval of the finding recommendation was started.

  • completed_at(Option<DateTime>):

    The time at which the retrieval of the finding recommendation was completed.

  • next_token(Option<String>):

    A token used for pagination of results returned.

  • error(Option<RecommendationError>):

    Detailed information about the reason that the retrieval of a recommendation for the finding failed.

  • resource_arn(String):

    The ARN of the resource of the finding.

  • recommended_steps(Option<Vec::<RecommendedStep>>):

    A group of recommended steps for the finding.

  • recommendation_type(RecommendationType):

    The type of recommendation for the finding.

  • status(Status):

    The status of the retrieval of the finding recommendation.

• On failure, responds with SdkError<GetFindingRecommendationError>

impl Client

pub fn get_finding_v2(&self) -> GetFindingV2FluentBuilder

Constructs a fluent builder for the GetFindingV2 operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer that generated the finding.

    
    
  • id(impl Into<String>) / set_id(Option<String>):
    required: true
    

    The ID of the finding to retrieve.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
• On success, responds with GetFindingV2Output with field(s):
  • analyzed_at(DateTime):

    The time at which the resource-based policy or IAM entity that generated the finding was analyzed.

  • created_at(DateTime):

    The time at which the finding was created.

  • error(Option<String>):

    An error.

  • id(String):

    The ID of the finding to retrieve.

  • next_token(Option<String>):

    A token used for pagination of results returned.

  • resource(Option<String>):

    The resource that generated the finding.

  • resource_type(ResourceType):

    The type of the resource identified in the finding.

  • resource_owner_account(String):

    Tye Amazon Web Services account ID that owns the resource.

  • status(FindingStatus):

    The status of the finding.

  • updated_at(DateTime):

    The time at which the finding was updated.

  • finding_details(Vec::<FindingDetails>):

    A localized message that explains the finding and provides guidance on how to address it.

  • finding_type(Option<FindingType>):

    The type of the finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission.

• On failure, responds with SdkError<GetFindingV2Error>

impl Client

pub fn get_generated_policy(&self) -> GetGeneratedPolicyFluentBuilder

Constructs a fluent builder for the GetGeneratedPolicy operation.

• The fluent builder is configurable:
  • job_id(impl Into<String>) / set_job_id(Option<String>):
    required: true
    

    The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.

    
    
  • include_resource_placeholders(bool) / set_include_resource_placeholders(Option<bool>):
    required: false
    

    The level of detail that you want to generate. You can specify whether to generate policies with placeholders for resource ARNs for actions that support resource level granularity in policies.

    For example, in the resource section of a policy, you can receive a placeholder such as “Resource”:“arn:aws:s3:::${BucketName}” instead of “*”.

    
    
  • include_service_level_template(bool) / set_include_service_level_template(Option<bool>):
    required: false
    

    The level of detail that you want to generate. You can specify whether to generate service-level policies.

    IAM Access Analyzer uses iam:servicelastaccessed to identify services that have been used recently to create this service-level template.

    
    
• On success, responds with GetGeneratedPolicyOutput with field(s):
  • job_details(Option<JobDetails>):

    A GeneratedPolicyDetails object that contains details about the generated policy.

  • generated_policy_result(Option<GeneratedPolicyResult>):

    A GeneratedPolicyResult object that contains the generated policies and associated details.

• On failure, responds with SdkError<GetGeneratedPolicyError>

impl Client

pub fn list_access_preview_findings( &self, ) -> ListAccessPreviewFindingsFluentBuilder

Constructs a fluent builder for the ListAccessPreviewFindings operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • access_preview_id(impl Into<String>) / set_access_preview_id(Option<String>):
    required: true
    

    The unique ID for the access preview.

    
    
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer used to generate the access.

    
    
  • filter(impl Into<String>, Criterion) / set_filter(Option<HashMap::<String, Criterion>>):
    required: false
    

    Criteria to filter the returned findings.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
• On success, responds with ListAccessPreviewFindingsOutput with field(s):
  • findings(Vec::<AccessPreviewFinding>):

    A list of access preview findings that match the specified filter criteria.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListAccessPreviewFindingsError>

impl Client

pub fn list_access_previews(&self) -> ListAccessPreviewsFluentBuilder

Constructs a fluent builder for the ListAccessPreviews operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer used to generate the access preview.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
• On success, responds with ListAccessPreviewsOutput with field(s):
  • access_previews(Vec::<AccessPreviewSummary>):

    A list of access previews retrieved for the analyzer.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListAccessPreviewsError>

impl Client

pub fn list_analyzed_resources(&self) -> ListAnalyzedResourcesFluentBuilder

Constructs a fluent builder for the ListAnalyzedResources operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer to retrieve a list of analyzed resources from.

    
    
  • resource_type(ResourceType) / set_resource_type(Option<ResourceType>):
    required: false
    

    The type of resource.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
• On success, responds with ListAnalyzedResourcesOutput with field(s):
  • analyzed_resources(Vec::<AnalyzedResourceSummary>):

    A list of resources that were analyzed.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListAnalyzedResourcesError>

impl Client

pub fn list_analyzers(&self) -> ListAnalyzersFluentBuilder

Constructs a fluent builder for the ListAnalyzers operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
  • r#type(Type) / set_type(Option<Type>):
    required: false
    

    The type of analyzer.

    
    
• On success, responds with ListAnalyzersOutput with field(s):
  • analyzers(Vec::<AnalyzerSummary>):

    The analyzers retrieved.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListAnalyzersError>

impl Client

pub fn list_archive_rules(&self) -> ListArchiveRulesFluentBuilder

Constructs a fluent builder for the ListArchiveRules operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer to retrieve rules from.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the request.

    
    
• On success, responds with ListArchiveRulesOutput with field(s):
  • archive_rules(Vec::<ArchiveRuleSummary>):

    A list of archive rules created for the specified analyzer.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListArchiveRulesError>

impl Client

pub fn list_findings(&self) -> ListFindingsFluentBuilder

Constructs a fluent builder for the ListFindings operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer to retrieve findings from.

    
    
  • filter(impl Into<String>, Criterion) / set_filter(Option<HashMap::<String, Criterion>>):
    required: false
    

    A filter to match for the findings to return.

    
    
  • sort(SortCriteria) / set_sort(Option<SortCriteria>):
    required: false
    

    The sort order for the findings returned.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
• On success, responds with ListFindingsOutput with field(s):
  • findings(Vec::<FindingSummary>):

    A list of findings retrieved from the analyzer that match the filter criteria specified, if any.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListFindingsError>

impl Client

pub fn list_findings_v2(&self) -> ListFindingsV2FluentBuilder

Constructs a fluent builder for the ListFindingsV2 operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer to retrieve findings from.

    
    
  • filter(impl Into<String>, Criterion) / set_filter(Option<HashMap::<String, Criterion>>):
    required: false
    

    A filter to match for the findings to return.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • sort(SortCriteria) / set_sort(Option<SortCriteria>):
    required: false
    

    The criteria used to sort.

    
    
• On success, responds with ListFindingsV2Output with field(s):
  • findings(Vec::<FindingSummaryV2>):

    A list of findings retrieved from the analyzer that match the filter criteria specified, if any.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListFindingsV2Error>

impl Client

pub fn list_policy_generations(&self) -> ListPolicyGenerationsFluentBuilder

Constructs a fluent builder for the ListPolicyGenerations operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • principal_arn(impl Into<String>) / set_principal_arn(Option<String>):
    required: false
    

    The ARN of the IAM entity (user or role) for which you are generating a policy. Use this with ListGeneratedPolicies to filter the results to only include results for a specific principal.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
• On success, responds with ListPolicyGenerationsOutput with field(s):
  • policy_generations(Vec::<PolicyGeneration>):

    A PolicyGeneration object that contains details about the generated policy.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ListPolicyGenerationsError>

impl Client

pub fn list_tags_for_resource(&self) -> ListTagsForResourceFluentBuilder

Constructs a fluent builder for the ListTagsForResource operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to retrieve tags from.

    
    
• On success, responds with ListTagsForResourceOutput with field(s):
  • tags(Option<HashMap::<String, String>>):

    The tags that are applied to the specified resource.

• On failure, responds with SdkError<ListTagsForResourceError>

impl Client

pub fn start_policy_generation(&self) -> StartPolicyGenerationFluentBuilder

Constructs a fluent builder for the StartPolicyGeneration operation.

• The fluent builder is configurable:
  • policy_generation_details(PolicyGenerationDetails) / set_policy_generation_details(Option<PolicyGenerationDetails>):
    required: true
    

    Contains the ARN of the IAM entity (user or role) for which you are generating a policy.

    
    
  • cloud_trail_details(CloudTrailDetails) / set_cloud_trail_details(Option<CloudTrailDetails>):
    required: false
    

    A CloudTrailDetails object that contains details about a Trail that you want to analyze to generate policies.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    
    
• On success, responds with StartPolicyGenerationOutput with field(s):
  • job_id(String):

    The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.

• On failure, responds with SdkError<StartPolicyGenerationError>

impl Client

pub fn start_resource_scan(&self) -> StartResourceScanFluentBuilder

Constructs a fluent builder for the StartResourceScan operation.

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer to use to scan the policies applied to the specified resource.

    
    
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to scan.

    
    
  • resource_owner_account(impl Into<String>) / set_resource_owner_account(Option<String>):
    required: false
    

    The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.

    
    
• On success, responds with StartResourceScanOutput
• On failure, responds with SdkError<StartResourceScanError>

impl Client

pub fn tag_resource(&self) -> TagResourceFluentBuilder

Constructs a fluent builder for the TagResource operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to add the tag to.

    
    
  • tags(impl Into<String>, impl Into<String>) / set_tags(Option<HashMap::<String, String>>):
    required: true
    

    The tags to add to the resource.

    
    
• On success, responds with TagResourceOutput
• On failure, responds with SdkError<TagResourceError>

impl Client

pub fn untag_resource(&self) -> UntagResourceFluentBuilder

Constructs a fluent builder for the UntagResource operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to remove the tag from.

    
    
  • tag_keys(impl Into<String>) / set_tag_keys(Option<Vec::<String>>):
    required: true
    

    The key for the tag to add.

    
    
• On success, responds with UntagResourceOutput
• On failure, responds with SdkError<UntagResourceError>

impl Client

pub fn update_analyzer(&self) -> UpdateAnalyzerFluentBuilder

Constructs a fluent builder for the UpdateAnalyzer operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer to modify.

    
    
  • configuration(AnalyzerConfiguration) / set_configuration(Option<AnalyzerConfiguration>):
    required: false
    

    Contains information about the configuration of an analyzer for an Amazon Web Services organization or account.

    
    
• On success, responds with UpdateAnalyzerOutput with field(s):
  • configuration(Option<AnalyzerConfiguration>):

    Contains information about the configuration of an analyzer for an Amazon Web Services organization or account.

• On failure, responds with SdkError<UpdateAnalyzerError>

impl Client

pub fn update_archive_rule(&self) -> UpdateArchiveRuleFluentBuilder

Constructs a fluent builder for the UpdateArchiveRule operation.

• The fluent builder is configurable:
  • analyzer_name(impl Into<String>) / set_analyzer_name(Option<String>):
    required: true
    

    The name of the analyzer to update the archive rules for.

    
    
  • rule_name(impl Into<String>) / set_rule_name(Option<String>):
    required: true
    

    The name of the rule to update.

    
    
  • filter(impl Into<String>, Criterion) / set_filter(Option<HashMap::<String, Criterion>>):
    required: true
    

    A filter to match for the rules to update. Only rules that match the filter are updated.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
• On success, responds with UpdateArchiveRuleOutput
• On failure, responds with SdkError<UpdateArchiveRuleError>

impl Client

pub fn update_findings(&self) -> UpdateFindingsFluentBuilder

Constructs a fluent builder for the UpdateFindings operation.

• The fluent builder is configurable:
  • analyzer_arn(impl Into<String>) / set_analyzer_arn(Option<String>):
    required: true
    

    The ARN of the analyzer that generated the findings to update.

    
    
  • status(FindingStatusUpdate) / set_status(Option<FindingStatusUpdate>):
    required: true
    

    The state represents the action to take to update the finding Status. Use ARCHIVE to change an Active finding to an Archived finding. Use ACTIVE to change an Archived finding to an Active finding.

    
    
  • ids(impl Into<String>) / set_ids(Option<Vec::<String>>):
    required: false
    

    The IDs of the findings to update.

    
    
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: false
    

    The ARN of the resource identified in the finding.

    
    
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    A client token.

    
    
• On success, responds with UpdateFindingsOutput
• On failure, responds with SdkError<UpdateFindingsError>

impl Client

pub fn validate_policy(&self) -> ValidatePolicyFluentBuilder

Constructs a fluent builder for the ValidatePolicy operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • locale(Locale) / set_locale(Option<Locale>):
    required: false
    

    The locale to use for localizing the findings.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token used for pagination of results returned.

    
    
  • policy_document(impl Into<String>) / set_policy_document(Option<String>):
    required: true
    

    The JSON policy document to use as the content for the policy.

    
    
  • policy_type(PolicyType) / set_policy_type(Option<PolicyType>):
    required: true
    

    The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.

    Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.

    Service control policies (SCPs) are a type of organization policy attached to an Amazon Web Services organization, organizational unit (OU), or an account.

    
    
  • validate_policy_resource_type(ValidatePolicyResourceType) / set_validate_policy_resource_type(Option<ValidatePolicyResourceType>):
    required: false
    

    The type of resource to attach to your resource policy. Specify a value for the policy validation resource type only if the policy type is RESOURCE_POLICY. For example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose AWS::S3::Bucket for the policy validation resource type.

    For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.

    
    
• On success, responds with ValidatePolicyOutput with field(s):
  • findings(Vec::<ValidatePolicyFinding>):

    The list of findings in a policy returned by IAM Access Analyzer based on its suite of policy checks.

  • next_token(Option<String>):

    A token used for pagination of results returned.

• On failure, responds with SdkError<ValidatePolicyError>

impl Client

pub fn from_conf(conf: Config) -> Self

Creates a new client from the service Config.

Panics

This method will panic in the following cases:

• Retries or timeouts are enabled without a sleep_impl configured.
• Identity caching is enabled without a sleep_impl and time_source configured.
• No behavior_version is provided.

The panic message for each of these will have instructions on how to resolve them.

pub fn config(&self) -> &Config

Returns the client’s configuration.

impl Client

pub fn new(sdk_config: &SdkConfig) -> Self

Creates a new client from an SDK Config.

Panics

• This method will panic if the sdk_config is missing an async sleep implementation. If you experience this panic, set the sleep_impl on the Config passed into this function to fix it.
• This method will panic if the sdk_config is missing an HTTP connector. If you experience this panic, set the http_connector on the Config passed into this function to fix it.
• This method will panic if no BehaviorVersion is provided. If you experience this panic, set behavior_version on the Config or enable the behavior-version-latest Cargo feature.

Trait Implementations

impl Clone for Client

fn clone(&self) -> Client

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Client

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.