Class ExternalAccessDetails

java.lang.Object
software.amazon.awssdk.services.accessanalyzer.model.ExternalAccessDetails
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<ExternalAccessDetails.Builder,ExternalAccessDetails>
@Generated("software.amazon.awssdk:codegen") public final class ExternalAccessDetails extends Object implements SdkPojo, Serializable, ToCopyableBuilder<ExternalAccessDetails.Builder,ExternalAccessDetails>

Contains information about an external access finding.

See Also:

  • Method Details

    • hasAction

      public final boolean hasAction()
      For responses, this returns true if the service returned a value for the Action property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • action

      public final List<String> action()

      The action in the analyzed policy statement that an external principal has permission to use.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasAction() method.

      Returns:
      The action in the analyzed policy statement that an external principal has permission to use.

    • hasCondition

      public final boolean hasCondition()
      For responses, this returns true if the service returned a value for the Condition property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • condition

      public final Map<String,String> condition()

      The condition in the analyzed policy statement that resulted in an external access finding.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasCondition() method.

      Returns:
      The condition in the analyzed policy statement that resulted in an external access finding.

    • isPublic

      public final Boolean isPublic()

      Specifies whether the external access finding is public.

      Returns:
      Specifies whether the external access finding is public.

    • hasPrincipal

      public final boolean hasPrincipal()
      For responses, this returns true if the service returned a value for the Principal property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • principal

      public final Map<String,String> principal()

      The external principal that has access to a resource within the zone of trust.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPrincipal() method.

      Returns:
      The external principal that has access to a resource within the zone of trust.

    • hasSources

      public final boolean hasSources()
      For responses, this returns true if the service returned a value for the Sources property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • sources

      public final List<FindingSource> sources()

      The sources of the external access finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSources() method.

      Returns:
      The sources of the external access finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

    • resourceControlPolicyRestriction

      public final ResourceControlPolicyRestriction resourceControlPolicyRestriction()

      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization, or there was no RCP applicable to the resource. For example, the resource being analyzed is an Amazon RDS snapshot and there is an RCP in the organization, but the RCP only impacts Amazon S3 buckets.

      • APPLIED: This restriction is not currently available for external access findings.

      If the service returns an enum value that is not available in the current SDK version, resourceControlPolicyRestriction will return ResourceControlPolicyRestriction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from resourceControlPolicyRestrictionAsString().

      Returns:
      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization, or there was no RCP applicable to the resource. For example, the resource being analyzed is an Amazon RDS snapshot and there is an RCP in the organization, but the RCP only impacts Amazon S3 buckets.

      • APPLIED: This restriction is not currently available for external access findings.

      See Also:

    • resourceControlPolicyRestrictionAsString

      public final String resourceControlPolicyRestrictionAsString()

      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization, or there was no RCP applicable to the resource. For example, the resource being analyzed is an Amazon RDS snapshot and there is an RCP in the organization, but the RCP only impacts Amazon S3 buckets.

      • APPLIED: This restriction is not currently available for external access findings.

      If the service returns an enum value that is not available in the current SDK version, resourceControlPolicyRestriction will return ResourceControlPolicyRestriction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from resourceControlPolicyRestrictionAsString().

      Returns:
      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization, or there was no RCP applicable to the resource. For example, the resource being analyzed is an Amazon RDS snapshot and there is an RCP in the organization, but the RCP only impacts Amazon S3 buckets.

      • APPLIED: This restriction is not currently available for external access findings.

      See Also:

    • toBuilder

      public ExternalAccessDetails.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<ExternalAccessDetails.Builder,ExternalAccessDetails>
      Returns:
      a builder for type T

    • builder

      public static ExternalAccessDetails.Builder builder()

    • serializableBuilderClass

      public static Class<? extends ExternalAccessDetails.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.

    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo
      Returns:
      The mapping between the field name and its corresponding field.