StartPolicyGeneration - IAM Access Analyzer


Starts the policy generation request.

Request Syntax

PUT /policy/generation HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "cloudTrailDetails": {
      "accessRole": "string",
      "endTime": "string",
      "startTime": "string",
      "trails": [
         {
            "allRegions": boolean,
            "cloudTrailArn": "string",
            "regions": [ "string" ]
         }
      ]
   },
   "policyGenerationDetails": {
      "principalArn": "string"
   }
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


clientToken

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request and have no additional effect.

If you do not specify a client token, one is automatically generated by the Amazon SDK.

Type: String

Required: No


cloudTrailDetails

A CloudTrailDetails object that contains details about a Trail that you want to analyze to generate policies.

Type: CloudTrailDetails object

Required: No


policyGenerationDetails

Contains the ARN of the IAM entity (user or role) for which you are generating a policy.

Type: PolicyGenerationDetails object

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "jobId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


jobId

The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.

Type: String


Errors

For information about the errors that are common to all actions, see Common Errors.


AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403


ConflictException

A conflict exception error.

HTTP Status Code: 409


InternalServerException

Internal server error.

HTTP Status Code: 500


ServiceQuotaExceededException

Service quota met error.

HTTP Status Code: 402


ThrottlingException

Throttling limit exceeded error.

HTTP Status Code: 429


ValidationException

Validation exception error.

HTTP Status Code: 400
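
The following is an added example, not code from the AWS documentation or an AWS SDK. It builds the request body with the field names from Request Syntax and retries only the 429 and 500 responses while reusing the same clientToken, so a retry cannot start a second job. The `send` transport, `FakeService`, the choice of which status codes to retry, and all ARNs and timestamps are assumptions constructed for illustration.

```python
import time
import uuid

RETRYABLE = {429, 500}  # throttling and internal server error, per the error list

def build_request(principal_arn, trail_arn, access_role, start_time,
                  end_time=None, client_token=None):
    """Build the PUT /policy/generation body with the Request Syntax field names."""
    for arn in (principal_arn, trail_arn, access_role):
        if not arn.startswith("arn:"):
            raise ValueError(f"not an ARN: {arn!r}")
    details = {"accessRole": access_role, "startTime": start_time,
               "trails": [{"cloudTrailArn": trail_arn, "allRegions": True}]}
    if end_time is not None:
        details["endTime"] = end_time
    return {"clientToken": client_token or str(uuid.uuid4()),
            "cloudTrailDetails": details,
            "policyGenerationDetails": {"principalArn": principal_arn}}

def start_policy_generation(send, body, max_attempts=4, base_delay=0.0):
    """send(body) -> (status, json_dict) is a hypothetical transport. Only 429/500 are
    retried, with the same body and so the same clientToken: no second job is started."""
    for attempt in range(max_attempts):
        status, resp = send(body)
        if status == 200:
            return resp["jobId"]
        if status not in RETRYABLE:
            raise RuntimeError(f"StartPolicyGeneration failed: HTTP {status}")
        time.sleep(base_delay * 2 ** attempt)
    raise RuntimeError("StartPolicyGeneration failed: retries exhausted")

class FakeService:
    """Constructed stand-in for the endpoint that honours clientToken idempotency."""
    def __init__(self, fail_with):
        self.fail_with = list(fail_with)  # statuses returned before a 200
        self.jobs = {}                    # clientToken -> jobId
    def __call__(self, body):
        job = self.jobs.setdefault(body["clientToken"], f"job-{len(self.jobs) + 1}")
        if self.fail_with:
            return self.fail_with.pop(0), {}
        return 200, {"jobId": job}

if __name__ == "__main__":
    body = build_request("arn:aws:iam::111122223333:role/example-app",  # constructed
                         "arn:aws:cloudtrail:us-east-1:111122223333:trail/example",
                         "arn:aws:iam::111122223333:role/example-analyzer-access",
                         "2024-01-01T00:00:00Z")
    svc = FakeService([500, 429])  # job is recorded, but the first two replies fail
    print(start_policy_generation(svc, body), len(svc.jobs))
```
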
