AWS IAM Access Analyzer helps identify potential resource-access risks by enabling you to identify any policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your AWS environment. An external principal can be another AWS account, a root user, an IAM user or role, a federated user, an AWS service, or an anonymous user. This guide describes the AWS IAM Access Analyzer operations that you can call programmatically. For general information about Access Analyzer, see the AWS IAM Access Analyzer section of the IAM User Guide.
To start using Access Analyzer, you first need to create an analyzer.
If you’re using the service, you’re probably looking for AccessAnalyzerClient and AccessAnalyzer.
Structs
- AccessAnalyzerClient - A client for the Access Analyzer API.
- AnalyzedResource - Contains details about the analyzed resource.
- AnalyzedResourceSummary - Contains the ARN of the analyzed resource.
- AnalyzerSummary - Contains information about the analyzer.
- ArchiveRuleSummary - Contains information about an archive rule.
- CreateAnalyzerRequest - Creates an analyzer.
- CreateAnalyzerResponse - The response to the request to create an analyzer.
- CreateArchiveRuleRequest - Creates an archive rule.
- Criterion - The criteria to use in the filter that defines the archive rule.
- DeleteAnalyzerRequest - Deletes an analyzer.
- DeleteArchiveRuleRequest - Deletes an archive rule.
- Finding - Contains information about a finding.
- FindingSource - The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
- FindingSourceDetail - Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
- FindingSummary - Contains information about a finding.
- GetAnalyzedResourceRequest - Retrieves an analyzed resource.
- GetAnalyzedResourceResponse - The response to the request.
- GetAnalyzerRequest - Retrieves an analyzer.
- GetAnalyzerResponse - The response to the request.
- GetArchiveRuleRequest - Retrieves an archive rule.
- GetArchiveRuleResponse - The response to the request.
- GetFindingRequest - Retrieves a finding.
- GetFindingResponse - The response to the request.
- InlineArchiveRule - A criterion statement in an archive rule. Each archive rule may have multiple criteria.
- ListAnalyzedResourcesRequest - Retrieves a list of resources that have been analyzed.
- ListAnalyzedResourcesResponse - The response to the request.
- ListAnalyzersRequest - Retrieves a list of analyzers.
- ListAnalyzersResponse - The response to the request.
- ListArchiveRulesRequest - Retrieves a list of archive rules created for the specified analyzer.
- ListArchiveRulesResponse - The response to the request.
- ListFindingsRequest - Retrieves a list of findings generated by the specified analyzer.
- ListFindingsResponse - The response to the request.
- ListTagsForResourceRequest - Retrieves a list of tags applied to the specified resource.
- ListTagsForResourceResponse - The response to the request.
- SortCriteria - The criteria used to sort.
- StartResourceScanRequest - Starts a scan of the policies applied to the specified resource.
- StatusReason - Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is displayed. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
- TagResourceRequest - Adds a tag to the specified resource.
- TagResourceResponse - The response to the request.
- UntagResourceRequest - Removes a tag from the specified resource.
- UntagResourceResponse - The response to the request.
- UpdateArchiveRuleRequest - Updates the specified archive rule.
- UpdateFindingsRequest - Updates findings with the new values provided in the request.
- ValidationExceptionField - Contains information about a validation exception.
Enums
- CreateAnalyzerError - Errors returned by CreateAnalyzer
- CreateArchiveRuleError - Errors returned by CreateArchiveRule
- DeleteAnalyzerError - Errors returned by DeleteAnalyzer
- DeleteArchiveRuleError - Errors returned by DeleteArchiveRule
- GetAnalyzedResourceError - Errors returned by GetAnalyzedResource
- GetAnalyzerError - Errors returned by GetAnalyzer
- GetArchiveRuleError - Errors returned by GetArchiveRule
- GetFindingError - Errors returned by GetFinding
- ListAnalyzedResourcesError - Errors returned by ListAnalyzedResources
- ListAnalyzersError - Errors returned by ListAnalyzers
- ListArchiveRulesError - Errors returned by ListArchiveRules
- ListFindingsError - Errors returned by ListFindings
- ListTagsForResourceError - Errors returned by ListTagsForResource
- StartResourceScanError - Errors returned by StartResourceScan
- TagResourceError - Errors returned by TagResource
- UntagResourceError - Errors returned by UntagResource
- UpdateArchiveRuleError - Errors returned by UpdateArchiveRule
- UpdateFindingsError - Errors returned by UpdateFindings
Traits
- AccessAnalyzer - Trait representing the capabilities of the Access Analyzer API. Access Analyzer clients implement this trait.