Soto icon

Soto

AccessAnalyzer

Service object for interacting with AWS AccessAnalyzer service.

public struct AccessAnalyzer: AWSService 

Identity and Access Management Access Analyzer helps identify potential resource-access risks by enabling you to identify any policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview and validate public and cross-account access to your resources before deploying permissions changes. This guide describes the Identity and Access Management Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Identity and Access Management Access Analyzer in the IAM User Guide.

To start using IAM Access Analyzer, you first need to create an analyzer.

Inheritance

AWSService

Initializers

init(client:region:partition:endpoint:timeout:byteBufferAllocator:options:)

Initialize the AccessAnalyzer client

public init(
        client: AWSClient,
        region: SotoCore.Region? = nil,
        partition: AWSPartition = .aws,
        endpoint: String? = nil,
        timeout: TimeAmount? = nil,
        byteBufferAllocator: ByteBufferAllocator = ByteBufferAllocator(),
        options: AWSServiceConfig.Options = []
    ) 

Parameters

  • client: AWSClient used to process requests
  • region: Region of server you want to communicate with. This will override the partition parameter.
  • partition: AWS partition where service resides, standard (.aws), china (.awscn), government (.awsusgov).
  • endpoint: Custom endpoint URL to use instead of standard AWS servers
  • timeout: Timeout value for HTTP requests

init(from:patch:)

Initializer required by AWSService.with(middlewares:​timeout:​byteBufferAllocator:​options). You are not able to use this initializer directly as there are no public initializers for AWSServiceConfig.Patch. Please use AWSService.with(middlewares:​timeout:​byteBufferAllocator:​options) instead.

public init(from: AccessAnalyzer, patch: AWSServiceConfig.Patch) 

Properties

client

Client used for communication with AWS

public let client: AWSClient

config

Service configuration

public let config: AWSServiceConfig

Methods

applyArchiveRule(_:logger:on:)

@discardableResult public func applyArchiveRule(_ input: ApplyArchiveRuleRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<Void> 

Retroactively applies the archive rule to existing findings that meet the archive rule criteria.

cancelPolicyGeneration(_:logger:on:)

public func cancelPolicyGeneration(_ input: CancelPolicyGenerationRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<CancelPolicyGenerationResponse> 

Cancels the requested policy generation.

createAccessPreview(_:logger:on:)

public func createAccessPreview(_ input: CreateAccessPreviewRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<CreateAccessPreviewResponse> 

Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.

createAnalyzer(_:logger:on:)

public func createAnalyzer(_ input: CreateAnalyzerRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<CreateAnalyzerResponse> 

Creates an analyzer for your account.

createArchiveRule(_:logger:on:)

@discardableResult public func createArchiveRule(_ input: CreateArchiveRuleRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<Void> 

Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

deleteAnalyzer(_:logger:on:)

@discardableResult public func deleteAnalyzer(_ input: DeleteAnalyzerRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<Void> 

Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.

deleteArchiveRule(_:logger:on:)

@discardableResult public func deleteArchiveRule(_ input: DeleteArchiveRuleRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<Void> 

Deletes the specified archive rule.

getAccessPreview(_:logger:on:)

public func getAccessPreview(_ input: GetAccessPreviewRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<GetAccessPreviewResponse> 

Retrieves information about an access preview for the specified analyzer.

getAnalyzedResource(_:logger:on:)

public func getAnalyzedResource(_ input: GetAnalyzedResourceRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<GetAnalyzedResourceResponse> 

Retrieves information about a resource that was analyzed.

getAnalyzer(_:logger:on:)

public func getAnalyzer(_ input: GetAnalyzerRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<GetAnalyzerResponse> 

Retrieves information about the specified analyzer.

getArchiveRule(_:logger:on:)

public func getArchiveRule(_ input: GetArchiveRuleRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<GetArchiveRuleResponse> 

Retrieves information about an archive rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

getFinding(_:logger:on:)

public func getFinding(_ input: GetFindingRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<GetFindingResponse> 

Retrieves information about the specified finding.

getGeneratedPolicy(_:logger:on:)

public func getGeneratedPolicy(_ input: GetGeneratedPolicyRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<GetGeneratedPolicyResponse> 

Retrieves the policy that was generated using StartPolicyGeneration.

listAccessPreviewFindings(_:logger:on:)

public func listAccessPreviewFindings(_ input: ListAccessPreviewFindingsRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListAccessPreviewFindingsResponse> 

Retrieves a list of access preview findings generated by the specified access preview.

listAccessPreviews(_:logger:on:)

public func listAccessPreviews(_ input: ListAccessPreviewsRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListAccessPreviewsResponse> 

Retrieves a list of access previews for the specified analyzer.

listAnalyzedResources(_:logger:on:)

public func listAnalyzedResources(_ input: ListAnalyzedResourcesRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListAnalyzedResourcesResponse> 

Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer..

listAnalyzers(_:logger:on:)

public func listAnalyzers(_ input: ListAnalyzersRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListAnalyzersResponse> 

Retrieves a list of analyzers.

listArchiveRules(_:logger:on:)

public func listArchiveRules(_ input: ListArchiveRulesRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListArchiveRulesResponse> 

Retrieves a list of archive rules created for the specified analyzer.

listFindings(_:logger:on:)

public func listFindings(_ input: ListFindingsRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListFindingsResponse> 

Retrieves a list of findings generated by the specified analyzer.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

listPolicyGenerations(_:logger:on:)

public func listPolicyGenerations(_ input: ListPolicyGenerationsRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListPolicyGenerationsResponse> 

Lists all of the policy generations requested in the last seven days.

listTagsForResource(_:logger:on:)

public func listTagsForResource(_ input: ListTagsForResourceRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ListTagsForResourceResponse> 

Retrieves a list of tags applied to the specified resource.

startPolicyGeneration(_:logger:on:)

public func startPolicyGeneration(_ input: StartPolicyGenerationRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<StartPolicyGenerationResponse> 

Starts the policy generation request.

startResourceScan(_:logger:on:)

@discardableResult public func startResourceScan(_ input: StartResourceScanRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<Void> 

Immediately starts a scan of the policies applied to the specified resource.

tagResource(_:logger:on:)

public func tagResource(_ input: TagResourceRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<TagResourceResponse> 

Adds a tag to the specified resource.

untagResource(_:logger:on:)

public func untagResource(_ input: UntagResourceRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<UntagResourceResponse> 

Removes a tag from the specified resource.

updateArchiveRule(_:logger:on:)

@discardableResult public func updateArchiveRule(_ input: UpdateArchiveRuleRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<Void> 

Updates the criteria and values for the specified archive rule.

updateFindings(_:logger:on:)

@discardableResult public func updateFindings(_ input: UpdateFindingsRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<Void> 

Updates the status for the specified findings.

validatePolicy(_:logger:on:)

public func validatePolicy(_ input: ValidatePolicyRequest, logger: Logger = AWSClient.loggingDisabled, on eventLoop: EventLoop? = nil) -> EventLoopFuture<ValidatePolicyResponse> 

Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.