GetFindingV2
Retrieves information about the specified finding. GetFinding and GetFindingV2 both use
access-analyzer:GetFinding in the Action element of an IAM
policy statement. You must have permission to perform the
access-analyzer:GetFinding action.
Request Syntax
GET /findingv2/id?analyzerArn=analyzerArn&maxResults=maxResults&nextToken=nextToken HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
- analyzerArn
-
The ARN of the analyzer that generated the finding.
Pattern:
[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}Required: Yes
- id
-
The ID of the finding to retrieve.
Required: Yes
- maxResults
-
The maximum number of results to return in the response.
- nextToken
-
A token used for pagination of results returned.
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"analyzedAt": "string",
"createdAt": "string",
"error": "string",
"findingDetails": [
{ ... }
],
"findingType": "string",
"id": "string",
"nextToken": "string",
"resource": "string",
"resourceOwnerAccount": "string",
"resourceType": "string",
"status": "string",
"updatedAt": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- analyzedAt
-
The time at which the resource-based policy or IAM entity that generated the finding was analyzed.
Type: Timestamp
- createdAt
-
The time at which the finding was created.
Type: Timestamp
- error
-
An error.
Type: String
- findingDetails
-
A localized message that explains the finding and provides guidance on how to address it.
Type: Array of FindingDetails objects
- findingType
-
The type of the finding. For external access analyzers, the type is
ExternalAccess. For unused access analyzers, the type can beUnusedIAMRole,UnusedIAMUserAccessKey,UnusedIAMUserPassword, orUnusedPermission.Type: String
Valid Values:
ExternalAccess | UnusedIAMRole | UnusedIAMUserAccessKey | UnusedIAMUserPassword | UnusedPermission - id
-
The ID of the finding to retrieve.
Type: String
- nextToken
-
A token used for pagination of results returned.
Type: String
- resource
-
The resource that generated the finding.
Type: String
- resourceOwnerAccount
-
Tye AWS account ID that owns the resource.
Type: String
- resourceType
-
The type of the resource identified in the finding.
Type: String
Valid Values:
AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue | AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key | AWS::SecretsManager::Secret | AWS::EFS::FileSystem | AWS::EC2::Snapshot | AWS::ECR::Repository | AWS::RDS::DBSnapshot | AWS::RDS::DBClusterSnapshot | AWS::SNS::Topic | AWS::S3Express::DirectoryBucket | AWS::DynamoDB::Table | AWS::DynamoDB::Stream - status
-
The status of the finding.
Type: String
Valid Values:
ACTIVE | ARCHIVED | RESOLVED - updatedAt
-
The time at which the finding was updated.
Type: Timestamp
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 403
- InternalServerException
-
Internal server error.
HTTP Status Code: 500
- ResourceNotFoundException
-
The specified resource could not be found.
HTTP Status Code: 404
- ThrottlingException
-
Throttling limit exceeded error.
HTTP Status Code: 429
- ValidationException
-
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
