AWS.AccessAnalyzer (aws-elixir v0.8.0) View Source

AWS IAM Access Analyzer helps identify potential resource-access risks by enabling you to identify any policies that grant access to an external principal.

It does this by using logic-based reasoning to analyze resource-based policies in your AWS environment. An external principal can be another AWS account, a root user, an IAM user or role, a federated user, an AWS service, or an anonymous user. You can also use Access Analyzer to preview and validate public and cross-account access to your resources before deploying permissions changes. This guide describes the AWS IAM Access Analyzer operations that you can call programmatically. For general information about Access Analyzer, see AWS IAM Access Analyzer in the IAM User Guide.

To start using Access Analyzer, you first need to create an analyzer.

Link to this section Summary

Functions

Retroactively applies the archive rule to existing findings that meet the archive rule criteria.

Cancels the requested policy generation.

Creates an access preview that allows you to preview Access Analyzer findings for your resource before deploying resource permissions.

Creates an analyzer for your account.

Creates an archive rule for the specified analyzer.

Retrieves information about an access preview for the specified analyzer.

Retrieves information about a resource that was analyzed.

Retrieves information about the specified analyzer.

Retrieves information about an archive rule.

Retrieves information about the specified finding.

Retrieves a list of access preview findings generated by the specified access preview.

Retrieves a list of access previews for the specified analyzer.

Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer..

Retrieves a list of archive rules created for the specified analyzer.

Retrieves a list of findings generated by the specified analyzer.

Lists all of the policy generations requested in the last seven days.

Retrieves a list of tags applied to the specified resource.

Starts the policy generation request.

Immediately starts a scan of the policies applied to the specified resource.

Adds a tag to the specified resource.

Removes a tag from the specified resource.

Updates the criteria and values for the specified archive rule.

Updates the status for the specified findings.

Requests the validation of a policy and returns a list of findings.

Link to this section Functions

Link to this function

apply_archive_rule(client, input, options \\ [])

View Source

Retroactively applies the archive rule to existing findings that meet the archive rule criteria.

Link to this function

cancel_policy_generation(client, job_id, input, options \\ [])

View Source

Cancels the requested policy generation.

Link to this function

create_access_preview(client, input, options \\ [])

View Source

Creates an access preview that allows you to preview Access Analyzer findings for your resource before deploying resource permissions.

Link to this function

create_analyzer(client, input, options \\ [])

View Source

Creates an analyzer for your account.

Link to this function

create_archive_rule(client, analyzer_name, input, options \\ [])

View Source

Creates an archive rule for the specified analyzer.

Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.

Link to this function

delete_analyzer(client, analyzer_name, input, options \\ [])

View Source

Deletes the specified analyzer.

When you delete an analyzer, Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.

Link to this function

delete_archive_rule(client, analyzer_name, rule_name, input, options \\ [])

View Source

Deletes the specified archive rule.

Link to this function

get_access_preview(client, access_preview_id, analyzer_arn, options \\ [])

View Source

Retrieves information about an access preview for the specified analyzer.

Link to this function

get_analyzed_resource(client, analyzer_arn, resource_arn, options \\ [])

View Source

Retrieves information about a resource that was analyzed.

Link to this function

get_analyzer(client, analyzer_name, options \\ [])

View Source

Retrieves information about the specified analyzer.

Link to this function

get_archive_rule(client, analyzer_name, rule_name, options \\ [])

View Source

Retrieves information about an archive rule.

To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.

Link to this function

get_finding(client, id, analyzer_arn, options \\ [])

View Source

Retrieves information about the specified finding.

Link to this function

get_generated_policy(client, job_id, include_resource_placeholders \\ nil, include_service_level_template \\ nil, options \\ [])

View Source

Retrieves the policy that was generated using StartPolicyGeneration.

Link to this function

list_access_preview_findings(client, access_preview_id, input, options \\ [])

View Source

Retrieves a list of access preview findings generated by the specified access preview.

Link to this function

list_access_previews(client, analyzer_arn, max_results \\ nil, next_token \\ nil, options \\ [])

View Source

Retrieves a list of access previews for the specified analyzer.

Link to this function

list_analyzed_resources(client, input, options \\ [])

View Source

Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer..

Link to this function

list_analyzers(client, max_results \\ nil, next_token \\ nil, type \\ nil, options \\ [])

View Source

Retrieves a list of analyzers.

Link to this function

list_archive_rules(client, analyzer_name, max_results \\ nil, next_token \\ nil, options \\ [])

View Source

Retrieves a list of archive rules created for the specified analyzer.

Link to this function

list_findings(client, input, options \\ [])

View Source

Retrieves a list of findings generated by the specified analyzer.

To learn about filter keys that you can use to retrieve a list of findings, see Access Analyzer filter keys in the IAM User Guide.

Link to this function

list_policy_generations(client, max_results \\ nil, next_token \\ nil, principal_arn \\ nil, options \\ [])

View Source

Lists all of the policy generations requested in the last seven days.

Link to this function

list_tags_for_resource(client, resource_arn, options \\ [])

View Source

Retrieves a list of tags applied to the specified resource.

Link to this function

start_policy_generation(client, input, options \\ [])

View Source

Starts the policy generation request.

Link to this function

start_resource_scan(client, input, options \\ [])

View Source

Immediately starts a scan of the policies applied to the specified resource.

Link to this function

tag_resource(client, resource_arn, input, options \\ [])

View Source

Adds a tag to the specified resource.

Link to this function

untag_resource(client, resource_arn, input, options \\ [])

View Source

Removes a tag from the specified resource.

Link to this function

update_archive_rule(client, analyzer_name, rule_name, input, options \\ [])

View Source

Updates the criteria and values for the specified archive rule.

Link to this function

update_findings(client, input, options \\ [])

View Source

Updates the status for the specified findings.

Link to this function

validate_policy(client, input, options \\ [])

View Source

Requests the validation of a policy and returns a list of findings.

The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.