CheckNoPublicAccess - IAM Access Analyzer
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Checks whether a resource policy can grant public access to the specified resource type.

Request Syntax

POST /policy/check-no-public-access HTTP/1.1 Content-type: application/json { "policyDocument": "string", "resourceType": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


The JSON policy document to evaluate for public access.

Type: String

Required: Yes


The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for the resource type.

For resource types not supported as valid values, IAM Access Analyzer will return an error.

Type: String

Valid Values: AWS::DynamoDB::Table | AWS::DynamoDB::Stream | AWS::EFS::FileSystem | AWS::OpenSearchService::Domain | AWS::Kinesis::Stream | AWS::Kinesis::StreamConsumer | AWS::KMS::Key | AWS::Lambda::Function | AWS::S3::Bucket | AWS::S3::AccessPoint | AWS::S3Express::DirectoryBucket | AWS::S3::Glacier | AWS::S3Outposts::Bucket | AWS::S3Outposts::AccessPoint | AWS::SecretsManager::Secret | AWS::SNS::Topic | AWS::SQS::Queue | AWS::IAM::AssumeRolePolicyDocument

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "message": "string", "reasons": [ { "description": "string", "statementId": "string", "statementIndex": number } ], "result": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The message indicating whether the specified policy allows public access to resources.

Type: String


A list of reasons why the specified resource policy grants public access for the resource type.

Type: Array of ReasonSummary objects


The result of the check for public access to the specified resource type. If the result is PASS, the policy doesn't allow public access to the specified resource type. If the result is FAIL, the policy might allow public access to the specified resource type.

Type: String

Valid Values: PASS | FAIL


For information about the errors that are common to all actions, see Common Errors.


You do not have sufficient access to perform this action.

HTTP Status Code: 403


Internal server error.

HTTP Status Code: 500


The specified parameter is invalid.

HTTP Status Code: 400


Throttling limit exceeded error.

HTTP Status Code: 429


The specified entity could not be processed.

HTTP Status Code: 422


Validation exception error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: