Class InternalAccessDetails

java.lang.Object
software.amazon.awssdk.services.accessanalyzer.model.InternalAccessDetails
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<InternalAccessDetails.Builder,InternalAccessDetails>

@Generated("software.amazon.awssdk:codegen") public final class InternalAccessDetails extends Object implements SdkPojo, Serializable, ToCopyableBuilder<InternalAccessDetails.Builder,InternalAccessDetails>

Contains information about an internal access finding. This includes details about the access that was identified within your Amazon Web Services organization or account.

  • Method Details

    • hasAction

      public final boolean hasAction()
      For responses, this returns true if the service returned a value for the Action property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • action

      public final List<String> action()

      The action in the analyzed policy statement that the principal has internal access permission to use.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasAction() method.

      Returns:
      The action in the analyzed policy statement that the principal has internal access permission to use.
    • hasCondition

      public final boolean hasCondition()
      For responses, this returns true if the service returned a value for the Condition property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • condition

      public final Map<String,String> condition()

      The condition in the analyzed policy statement that resulted in an internal access finding.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasCondition() method.

      Returns:
      The condition in the analyzed policy statement that resulted in an internal access finding.
    • hasPrincipal

      public final boolean hasPrincipal()
      For responses, this returns true if the service returned a value for the Principal property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • principal

      public final Map<String,String> principal()

      The principal that has access to a resource within the internal environment.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasPrincipal() method.

      Returns:
      The principal that has access to a resource within the internal environment.
    • principalOwnerAccount

      public final String principalOwnerAccount()

      The Amazon Web Services account ID that owns the principal identified in the internal access finding.

      Returns:
      The Amazon Web Services account ID that owns the principal identified in the internal access finding.
    • accessType

      public final InternalAccessType accessType()

      The type of internal access identified in the finding. This indicates how the access is granted within your Amazon Web Services environment.

      If the service returns an enum value that is not available in the current SDK version, accessType will return InternalAccessType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from accessTypeAsString().

      Returns:
      The type of internal access identified in the finding. This indicates how the access is granted within your Amazon Web Services environment.
    • accessTypeAsString

      public final String accessTypeAsString()

      The type of internal access identified in the finding. This indicates how the access is granted within your Amazon Web Services environment.

      If the service returns an enum value that is not available in the current SDK version, accessType will return InternalAccessType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from accessTypeAsString().

      Returns:
      The type of internal access identified in the finding. This indicates how the access is granted within your Amazon Web Services environment.
    • principalType

      public final PrincipalType principalType()

      The type of principal identified in the internal access finding, such as IAM role or IAM user.

      If the service returns an enum value that is not available in the current SDK version, principalType will return PrincipalType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from principalTypeAsString().

      Returns:
      The type of principal identified in the internal access finding, such as IAM role or IAM user.
    • principalTypeAsString

      public final String principalTypeAsString()

      The type of principal identified in the internal access finding, such as IAM role or IAM user.

      If the service returns an enum value that is not available in the current SDK version, principalType will return PrincipalType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from principalTypeAsString().

      Returns:
      The type of principal identified in the internal access finding, such as IAM role or IAM user.
    • hasSources

      public final boolean hasSources()
      For responses, this returns true if the service returned a value for the Sources property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • sources

      public final List<FindingSource> sources()

      The sources of the internal access finding. This indicates how the access that generated the finding is granted within your Amazon Web Services environment.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSources() method.

      Returns:
      The sources of the internal access finding. This indicates how the access that generated the finding is granted within your Amazon Web Services environment.
    • resourceControlPolicyRestriction

      public final ResourceControlPolicyRestriction resourceControlPolicyRestriction()

      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no RCP applicable to the resource.

      • APPLIED: An RCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLIED, then s3:DeleteObject would not be included in the list of actions for the finding. Only applicable to internal access findings with the organization as the zone of trust.

      If the service returns an enum value that is not available in the current SDK version, resourceControlPolicyRestriction will return ResourceControlPolicyRestriction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from resourceControlPolicyRestrictionAsString().

      Returns:
      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no RCP applicable to the resource.

      • APPLIED: An RCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLIED, then s3:DeleteObject would not be included in the list of actions for the finding. Only applicable to internal access findings with the organization as the zone of trust.

    • resourceControlPolicyRestrictionAsString

      public final String resourceControlPolicyRestrictionAsString()

      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no RCP applicable to the resource.

      • APPLIED: An RCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLIED, then s3:DeleteObject would not be included in the list of actions for the finding. Only applicable to internal access findings with the organization as the zone of trust.

      If the service returns an enum value that is not available in the current SDK version, resourceControlPolicyRestriction will return ResourceControlPolicyRestriction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from resourceControlPolicyRestrictionAsString().

      Returns:
      The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

      • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

      • NOT_APPLICABLE: There was no RCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no RCP applicable to the resource.

      • APPLIED: An RCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLIED, then s3:DeleteObject would not be included in the list of actions for the finding. Only applicable to internal access findings with the organization as the zone of trust.

    • serviceControlPolicyRestriction

      public final ServiceControlPolicyRestriction serviceControlPolicyRestriction()

      The type of restriction applied to the finding by an Organizations service control policy (SCP).

      • APPLICABLE: There is an SCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_SCP: There was an error evaluating the SCP.

      • NOT_APPLICABLE: There was no SCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no SCP applicable to the principal.

      • APPLIED: An SCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. Only applicable to internal access findings with the organization as the zone of trust.

      If the service returns an enum value that is not available in the current SDK version, serviceControlPolicyRestriction will return ServiceControlPolicyRestriction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from serviceControlPolicyRestrictionAsString().

      Returns:
      The type of restriction applied to the finding by an Organizations service control policy (SCP).

      • APPLICABLE: There is an SCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_SCP: There was an error evaluating the SCP.

      • NOT_APPLICABLE: There was no SCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no SCP applicable to the principal.

      • APPLIED: An SCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. Only applicable to internal access findings with the organization as the zone of trust.

    • serviceControlPolicyRestrictionAsString

      public final String serviceControlPolicyRestrictionAsString()

      The type of restriction applied to the finding by an Organizations service control policy (SCP).

      • APPLICABLE: There is an SCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_SCP: There was an error evaluating the SCP.

      • NOT_APPLICABLE: There was no SCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no SCP applicable to the principal.

      • APPLIED: An SCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. Only applicable to internal access findings with the organization as the zone of trust.

      If the service returns an enum value that is not available in the current SDK version, serviceControlPolicyRestriction will return ServiceControlPolicyRestriction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from serviceControlPolicyRestrictionAsString().

      Returns:
      The type of restriction applied to the finding by an Organizations service control policy (SCP).

      • APPLICABLE: There is an SCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. Only applicable to internal access findings with the account as the zone of trust.

      • FAILED_TO_EVALUATE_SCP: There was an error evaluating the SCP.

      • NOT_APPLICABLE: There was no SCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no SCP applicable to the principal.

      • APPLIED: An SCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. Only applicable to internal access findings with the organization as the zone of trust.

    • toBuilder

      public InternalAccessDetails.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<InternalAccessDetails.Builder,InternalAccessDetails>
      Returns:
      a builder for type T
    • builder

      public static InternalAccessDetails.Builder builder()
    • serializableBuilderClass

      public static Class<? extends InternalAccessDetails.Builder> serializableBuilderClass()
    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object
    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object is equal to this object by SDK fields, false otherwise.
    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object
    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)
    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.
    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo
      Returns:
      The mapping between the field name and its corresponding field.
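
The RCP and SCP restriction values documented above decide whether the list from action() already reflects organization policy or is only an upper bound. The following added example (not part of the SDK or its documentation) turns them into review notes; InternalAccessTriage and caveats are hypothetical names, the builder setters are assumed to follow the SDK's standard generated naming, and the finding is constructed sample data.

```java
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.services.accessanalyzer.model.InternalAccessDetails;
import software.amazon.awssdk.services.accessanalyzer.model.ResourceControlPolicyRestriction;
import software.amazon.awssdk.services.accessanalyzer.model.ServiceControlPolicyRestriction;

public class InternalAccessTriage {

    // Hypothetical helper: notes on how far the finding's action list can be trusted.
    static List<String> caveats(InternalAccessDetails d) {
        List<String> notes = new ArrayList<>();
        // hasAction() separates "service returned nothing" from "service returned an empty list".
        if (!d.hasAction()) {
            notes.add("Action: not returned by the service");
        } else if (d.action().isEmpty()) {
            notes.add("Action: returned, but empty");
        }
        ResourceControlPolicyRestriction rcp = d.resourceControlPolicyRestriction();
        if (rcp == null) {
            notes.add("RCP: no restriction value on this finding");
        } else {
            switch (rcp) {
                case APPLIED:
                    notes.add("RCP: evaluated; RCP-blocked actions are already excluded");
                    break;
                case APPLICABLE:
                    notes.add("RCP: present but not evaluated; listed actions may be RCP-blocked");
                    break;
                case FAILED_TO_EVALUATE_RCP:
                    notes.add("RCP: evaluation error; treat the action list as unverified");
                    break;
                case NOT_APPLICABLE:
                    notes.add("RCP: none present, or none applicable to the resource");
                    break;
                default: // UNKNOWN_TO_SDK_VERSION: report the raw service value
                    notes.add("RCP: unrecognized value " + d.resourceControlPolicyRestrictionAsString());
            }
        }
        ServiceControlPolicyRestriction scp = d.serviceControlPolicyRestriction();
        if (scp == ServiceControlPolicyRestriction.APPLICABLE) {
            notes.add("SCP: present but not evaluated");
        } else if (scp == ServiceControlPolicyRestriction.FAILED_TO_EVALUATE_SCP) {
            notes.add("SCP: evaluation error");
        } else if (scp == ServiceControlPolicyRestriction.UNKNOWN_TO_SDK_VERSION) {
            notes.add("SCP: unrecognized value " + d.serviceControlPolicyRestrictionAsString());
        }
        return notes;
    }

    public static void main(String[] args) {
        // Constructed sample, not a real finding; the account ID is a placeholder.
        InternalAccessDetails sample = InternalAccessDetails.builder()
                .action("s3:GetObject", "s3:DeleteObject")
                .principalOwnerAccount("111122223333")
                .resourceControlPolicyRestriction(ResourceControlPolicyRestriction.APPLICABLE)
                .serviceControlPolicyRestriction("SOME_FUTURE_VALUE") // made-up value, not a real enum constant
                .build();
        caveats(sample).forEach(System.out::println);
    }
}
```

For the constructed sample, the RCP note flags that s3:DeleteObject may still be listed even if an RCP blocks it, and the SCP note reports the raw string because the enum getter resolves to UNKNOWN_TO_SDK_VERSION.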