accessanalyzer/aws.sdk.kotlin.services.accessanalyzer/AccessAnalyzerClient

AccessAnalyzerClient

interface AccessAnalyzerClient : SdkClient

Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.

External access analyzers help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.

Unused access analyzers help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.

Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs.

This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Identity and Access Management Access Analyzer in the IAM User Guide.

Properties

Link copied to clipboard
abstract override val config: AccessAnalyzerClient.Config

AccessAnalyzerClient's configuration

Functions

Link copied to clipboard
abstract suspend fun applyArchiveRule(input: ApplyArchiveRuleRequest): ApplyArchiveRuleResponse

Retroactively applies the archive rule to existing findings that meet the archive rule criteria.

Link copied to clipboard
abstract suspend fun cancelPolicyGeneration(input: CancelPolicyGenerationRequest): CancelPolicyGenerationResponse

Cancels the requested policy generation.

Link copied to clipboard
abstract suspend fun checkAccessNotGranted(input: CheckAccessNotGrantedRequest): CheckAccessNotGrantedResponse

Checks whether the specified access isn't allowed by a policy.

Link copied to clipboard
abstract suspend fun checkNoNewAccess(input: CheckNoNewAccessRequest): CheckNoNewAccessResponse

Checks whether new access is allowed for an updated policy when compared to the existing policy.

Link copied to clipboard
abstract suspend fun createAccessPreview(input: CreateAccessPreviewRequest): CreateAccessPreviewResponse

Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.

Link copied to clipboard
abstract suspend fun createAnalyzer(input: CreateAnalyzerRequest): CreateAnalyzerResponse

Creates an analyzer for your account.

Link copied to clipboard
abstract suspend fun createArchiveRule(input: CreateArchiveRuleRequest): CreateArchiveRuleResponse

Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

Link copied to clipboard
abstract suspend fun deleteAnalyzer(input: DeleteAnalyzerRequest): DeleteAnalyzerResponse

Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.

Link copied to clipboard
abstract suspend fun deleteArchiveRule(input: DeleteArchiveRuleRequest): DeleteArchiveRuleResponse

Deletes the specified archive rule.

Link copied to clipboard
abstract suspend fun getAccessPreview(input: GetAccessPreviewRequest): GetAccessPreviewResponse

Retrieves information about an access preview for the specified analyzer.

Link copied to clipboard
abstract suspend fun getAnalyzedResource(input: GetAnalyzedResourceRequest): GetAnalyzedResourceResponse

Retrieves information about a resource that was analyzed.

Link copied to clipboard
abstract suspend fun getAnalyzer(input: GetAnalyzerRequest): GetAnalyzerResponse

Retrieves information about the specified analyzer.

Link copied to clipboard
abstract suspend fun getArchiveRule(input: GetArchiveRuleRequest): GetArchiveRuleResponse

Retrieves information about an archive rule.

Link copied to clipboard
abstract suspend fun getFinding(input: GetFindingRequest): GetFindingResponse

Retrieves information about the specified finding.

Link copied to clipboard
abstract suspend fun getFindingV2(input: GetFindingV2Request): GetFindingV2Response

Retrieves information about the specified finding.

Link copied to clipboard
abstract suspend fun getGeneratedPolicy(input: GetGeneratedPolicyRequest): GetGeneratedPolicyResponse

Retrieves the policy that was generated using StartPolicyGeneration.

Link copied to clipboard
abstract suspend fun listAccessPreviewFindings(input: ListAccessPreviewFindingsRequest): ListAccessPreviewFindingsResponse

Retrieves a list of access preview findings generated by the specified access preview.

Link copied to clipboard
abstract suspend fun listAccessPreviews(input: ListAccessPreviewsRequest): ListAccessPreviewsResponse

Retrieves a list of access previews for the specified analyzer.

Link copied to clipboard
abstract suspend fun listAnalyzedResources(input: ListAnalyzedResourcesRequest): ListAnalyzedResourcesResponse

Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer..

Link copied to clipboard
abstract suspend fun listAnalyzers(input: ListAnalyzersRequest = ListAnalyzersRequest { }): ListAnalyzersResponse

Retrieves a list of analyzers.

Link copied to clipboard
abstract suspend fun listArchiveRules(input: ListArchiveRulesRequest): ListArchiveRulesResponse

Retrieves a list of archive rules created for the specified analyzer.

Link copied to clipboard
abstract suspend fun listFindings(input: ListFindingsRequest): ListFindingsResponse

Retrieves a list of findings generated by the specified analyzer.

Link copied to clipboard
abstract suspend fun listFindingsV2(input: ListFindingsV2Request): ListFindingsV2Response

Retrieves a list of findings generated by the specified analyzer.

Link copied to clipboard
abstract suspend fun listPolicyGenerations(input: ListPolicyGenerationsRequest = ListPolicyGenerationsRequest { }): ListPolicyGenerationsResponse

Lists all of the policy generations requested in the last seven days.

Link copied to clipboard
abstract suspend fun listTagsForResource(input: ListTagsForResourceRequest): ListTagsForResourceResponse

Retrieves a list of tags applied to the specified resource.

Link copied to clipboard
abstract suspend fun startPolicyGeneration(input: StartPolicyGenerationRequest): StartPolicyGenerationResponse

Starts the policy generation request.

Link copied to clipboard
abstract suspend fun startResourceScan(input: StartResourceScanRequest): StartResourceScanResponse

Immediately starts a scan of the policies applied to the specified resource.

Link copied to clipboard
abstract suspend fun tagResource(input: TagResourceRequest): TagResourceResponse

Adds a tag to the specified resource.

Link copied to clipboard
abstract suspend fun untagResource(input: UntagResourceRequest): UntagResourceResponse

Removes a tag from the specified resource.

Link copied to clipboard
abstract suspend fun updateArchiveRule(input: UpdateArchiveRuleRequest): UpdateArchiveRuleResponse

Updates the criteria and values for the specified archive rule.

Link copied to clipboard
abstract suspend fun updateFindings(input: UpdateFindingsRequest): UpdateFindingsResponse

Updates the status for the specified findings.

Link copied to clipboard
abstract suspend fun validatePolicy(input: ValidatePolicyRequest): ValidatePolicyResponse

Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.

Inherited functions

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.applyArchiveRule(crossinline block: ApplyArchiveRuleRequest.Builder.() -> Unit): ApplyArchiveRuleResponse

Retroactively applies the archive rule to existing findings that meet the archive rule criteria.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.cancelPolicyGeneration(crossinline block: CancelPolicyGenerationRequest.Builder.() -> Unit): CancelPolicyGenerationResponse

Cancels the requested policy generation.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.checkAccessNotGranted(crossinline block: CheckAccessNotGrantedRequest.Builder.() -> Unit): CheckAccessNotGrantedResponse

Checks whether the specified access isn't allowed by a policy.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.checkNoNewAccess(crossinline block: CheckNoNewAccessRequest.Builder.() -> Unit): CheckNoNewAccessResponse

Checks whether new access is allowed for an updated policy when compared to the existing policy.

Link copied to clipboard
expect abstract fun close()
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.createAccessPreview(crossinline block: CreateAccessPreviewRequest.Builder.() -> Unit): CreateAccessPreviewResponse

Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.createAnalyzer(crossinline block: CreateAnalyzerRequest.Builder.() -> Unit): CreateAnalyzerResponse

Creates an analyzer for your account.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.createArchiveRule(crossinline block: CreateArchiveRuleRequest.Builder.() -> Unit): CreateArchiveRuleResponse

Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.deleteAnalyzer(crossinline block: DeleteAnalyzerRequest.Builder.() -> Unit): DeleteAnalyzerResponse

Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.deleteArchiveRule(crossinline block: DeleteArchiveRuleRequest.Builder.() -> Unit): DeleteArchiveRuleResponse

Deletes the specified archive rule.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.getAccessPreview(crossinline block: GetAccessPreviewRequest.Builder.() -> Unit): GetAccessPreviewResponse

Retrieves information about an access preview for the specified analyzer.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.getAnalyzedResource(crossinline block: GetAnalyzedResourceRequest.Builder.() -> Unit): GetAnalyzedResourceResponse

Retrieves information about a resource that was analyzed.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.getAnalyzer(crossinline block: GetAnalyzerRequest.Builder.() -> Unit): GetAnalyzerResponse

Retrieves information about the specified analyzer.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.getArchiveRule(crossinline block: GetArchiveRuleRequest.Builder.() -> Unit): GetArchiveRuleResponse

Retrieves information about an archive rule.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.getFinding(crossinline block: GetFindingRequest.Builder.() -> Unit): GetFindingResponse

Retrieves information about the specified finding.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.getFindingV2(crossinline block: GetFindingV2Request.Builder.() -> Unit): GetFindingV2Response

Retrieves information about the specified finding.

Link copied to clipboard
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.getGeneratedPolicy(crossinline block: GetGeneratedPolicyRequest.Builder.() -> Unit): GetGeneratedPolicyResponse

Retrieves the policy that was generated using StartPolicyGeneration.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listAccessPreviewFindings(crossinline block: ListAccessPreviewFindingsRequest.Builder.() -> Unit): ListAccessPreviewFindingsResponse

Retrieves a list of access preview findings generated by the specified access preview.

Link copied to clipboard
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listAccessPreviews(crossinline block: ListAccessPreviewsRequest.Builder.() -> Unit): ListAccessPreviewsResponse

Retrieves a list of access previews for the specified analyzer.

Link copied to clipboard
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listAnalyzedResources(crossinline block: ListAnalyzedResourcesRequest.Builder.() -> Unit): ListAnalyzedResourcesResponse

Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer..

Link copied to clipboard
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listAnalyzers(crossinline block: ListAnalyzersRequest.Builder.() -> Unit): ListAnalyzersResponse

Retrieves a list of analyzers.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listArchiveRules(crossinline block: ListArchiveRulesRequest.Builder.() -> Unit): ListArchiveRulesResponse

Retrieves a list of archive rules created for the specified analyzer.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listFindings(crossinline block: ListFindingsRequest.Builder.() -> Unit): ListFindingsResponse

Retrieves a list of findings generated by the specified analyzer.

Link copied to clipboard
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listFindingsV2(crossinline block: ListFindingsV2Request.Builder.() -> Unit): ListFindingsV2Response

Retrieves a list of findings generated by the specified analyzer.

Link copied to clipboard
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listPolicyGenerations(crossinline block: ListPolicyGenerationsRequest.Builder.() -> Unit): ListPolicyGenerationsResponse

Lists all of the policy generations requested in the last seven days.

Link copied to clipboard
Link copied to clipboard
inline suspend fun AccessAnalyzerClient.listTagsForResource(crossinline block: ListTagsForResourceRequest.Builder.() -> Unit): ListTagsForResourceResponse

Retrieves a list of tags applied to the specified resource.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.startPolicyGeneration(crossinline block: StartPolicyGenerationRequest.Builder.() -> Unit): StartPolicyGenerationResponse

Starts the policy generation request.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.startResourceScan(crossinline block: StartResourceScanRequest.Builder.() -> Unit): StartResourceScanResponse

Immediately starts a scan of the policies applied to the specified resource.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.tagResource(crossinline block: TagResourceRequest.Builder.() -> Unit): TagResourceResponse

Adds a tag to the specified resource.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.untagResource(crossinline block: UntagResourceRequest.Builder.() -> Unit): UntagResourceResponse

Removes a tag from the specified resource.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.updateArchiveRule(crossinline block: UpdateArchiveRuleRequest.Builder.() -> Unit): UpdateArchiveRuleResponse

Updates the criteria and values for the specified archive rule.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.updateFindings(crossinline block: UpdateFindingsRequest.Builder.() -> Unit): UpdateFindingsResponse

Updates the status for the specified findings.

Link copied to clipboard
inline suspend fun AccessAnalyzerClient.validatePolicy(crossinline block: ValidatePolicyRequest.Builder.() -> Unit): ValidatePolicyResponse

Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.

Link copied to clipboard
Link copied to clipboard
fun AccessAnalyzerClient.withConfig(block: AccessAnalyzerClient.Config.Builder.() -> Unit): AccessAnalyzerClient

Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.