AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Name | Description | |
---|---|---|
Access |
Contains information about actions that define permissions to check against a policy. |
|
AccessAnalyzerPaginatorFactory |
Paginators for the AccessAnalyzer service |
|
AccessDeniedException |
You do not have sufficient access to perform this action. |
|
AccessPreview |
Contains information about an access preview. |
|
AccessPreviewFinding |
An access preview finding generated by the access preview. |
|
AccessPreviewStatusReason |
Provides more details about the current status of the access preview. For example,
if the creation of the access preview fails, a |
|
AccessPreviewSummary |
Contains a summary of information about an access preview. |
|
AclGrantee |
You specify each grantee as a type-value pair using one of these types. You can specify only one type of grantee. For more information, see PutBucketAcl. |
|
AnalyzedResource |
Contains details about the analyzed resource. |
|
AnalyzedResourceSummary |
Contains the ARN of the analyzed resource. |
|
AnalyzerConfiguration |
Contains information about the configuration of an unused access analyzer for an Amazon Web Services organization or account. |
|
AnalyzerSummary |
Contains information about the analyzer. |
|
ApplyArchiveRuleRequest |
Container for the parameters to the ApplyArchiveRule operation. Retroactively applies the archive rule to existing findings that meet the archive rule criteria. |
|
ApplyArchiveRuleResponse |
This is the response object from the ApplyArchiveRule operation. |
|
ArchiveRuleSummary |
Contains information about an archive rule. |
|
CancelPolicyGenerationRequest |
Container for the parameters to the CancelPolicyGeneration operation. Cancels the requested policy generation. |
|
CancelPolicyGenerationResponse |
This is the response object from the CancelPolicyGeneration operation. |
|
CheckAccessNotGrantedRequest |
Container for the parameters to the CheckAccessNotGranted operation. Checks whether the specified access isn't allowed by a policy. |
|
CheckAccessNotGrantedResponse |
This is the response object from the CheckAccessNotGranted operation. |
|
CheckNoNewAccessRequest |
Container for the parameters to the CheckNoNewAccess operation. Checks whether new access is allowed for an updated policy when compared to the existing policy.
You can find examples for reference policies and learn how to set up and run a custom
policy check for new access in the IAM
Access Analyzer custom policy checks samples repository on GitHub. The reference
policies in this repository are meant to be passed to the |
|
CheckNoNewAccessResponse |
This is the response object from the CheckNoNewAccess operation. |
|
CloudTrailDetails |
Contains information about CloudTrail access. |
|
CloudTrailProperties |
Contains information about CloudTrail access. |
|
Configuration |
Access control configuration structures for your resource. You specify the configuration as a type-value pair. You can specify only one type of access control configuration. |
|
ConflictException |
A conflict exception error. |
|
CreateAccessPreviewRequest |
Container for the parameters to the CreateAccessPreview operation. Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions. |
|
CreateAccessPreviewResponse |
This is the response object from the CreateAccessPreview operation. |
|
CreateAnalyzerRequest |
Container for the parameters to the CreateAnalyzer operation. Creates an analyzer for your account. |
|
CreateAnalyzerResponse |
The response to the request to create an analyzer. |
|
CreateArchiveRuleRequest |
Container for the parameters to the CreateArchiveRule operation. Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide. |
|
CreateArchiveRuleResponse |
This is the response object from the CreateArchiveRule operation. |
|
Criterion |
The criteria to use in the filter that defines the archive rule. For more information on available filter keys, see IAM Access Analyzer filter keys. |
|
DeleteAnalyzerRequest |
Container for the parameters to the DeleteAnalyzer operation. Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action. |
|
DeleteAnalyzerResponse |
This is the response object from the DeleteAnalyzer operation. |
|
DeleteArchiveRuleRequest |
Container for the parameters to the DeleteArchiveRule operation. Deletes the specified archive rule. |
|
DeleteArchiveRuleResponse |
This is the response object from the DeleteArchiveRule operation. |
|
DynamodbStreamConfiguration |
The proposed access control configuration for a DynamoDB stream. You can propose a configuration for a new DynamoDB stream or an existing DynamoDB stream that you own by specifying the policy for the DynamoDB stream. For more information, see PutResourcePolicy.
|
|
DynamodbTableConfiguration |
The proposed access control configuration for a DynamoDB table or index. You can propose a configuration for a new DynamoDB table or index or an existing DynamoDB table or index that you own by specifying the policy for the DynamoDB table or index. For more information, see PutResourcePolicy.
|
|
EbsSnapshotConfiguration |
The proposed access control configuration for an Amazon EBS volume snapshot. You can propose a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by specifying the user IDs, groups, and optional KMS encryption key. For more information, see ModifySnapshotAttribute. |
|
EcrRepositoryConfiguration |
The proposed access control configuration for an Amazon ECR repository. You can propose a configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by specifying the Amazon ECR policy. For more information, see Repository.
|
|
EfsFileSystemConfiguration |
The proposed access control configuration for an Amazon EFS file system. You can propose a configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by specifying the Amazon EFS policy. For more information, see Using file systems in Amazon EFS.
|
|
ExternalAccessDetails |
Contains information about an external access finding. |
|
Finding |
Contains information about a finding. |
|
FindingDetails |
Contains information about an external access or unused access finding. Only one parameter
can be used in a |
|
FindingSource |
The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings. |
|
FindingSourceDetail |
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings. |
|
FindingSummary |
Contains information about a finding. |
|
FindingSummaryV2 |
Contains information about a finding. |
|
GeneratedPolicy |
Contains the text for the generated policy. |
|
GeneratedPolicyProperties |
Contains the generated policy details. |
|
GeneratedPolicyResult |
Contains the text for the generated policy and its details. |
|
GetAccessPreviewRequest |
Container for the parameters to the GetAccessPreview operation. Retrieves information about an access preview for the specified analyzer. |
|
GetAccessPreviewResponse |
This is the response object from the GetAccessPreview operation. |
|
GetAnalyzedResourceRequest |
Container for the parameters to the GetAnalyzedResource operation. Retrieves information about a resource that was analyzed. |
|
GetAnalyzedResourceResponse |
The response to the request. |
|
GetAnalyzerRequest |
Container for the parameters to the GetAnalyzer operation. Retrieves information about the specified analyzer. |
|
GetAnalyzerResponse |
The response to the request. |
|
GetArchiveRuleRequest |
Container for the parameters to the GetArchiveRule operation. Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide. |
|
GetArchiveRuleResponse |
The response to the request. |
|
GetFindingRequest |
Container for the parameters to the GetFinding operation.
Retrieves information about the specified finding. GetFinding and GetFindingV2 both
use |
|
GetFindingResponse |
The response to the request. |
|
GetFindingV2Request |
Container for the parameters to the GetFindingV2 operation.
Retrieves information about the specified finding. GetFinding and GetFindingV2 both
use |
|
GetFindingV2Response |
This is the response object from the GetFindingV2 operation. |
|
GetGeneratedPolicyRequest |
Container for the parameters to the GetGeneratedPolicy operation.
Retrieves the policy that was generated using |
|
GetGeneratedPolicyResponse |
This is the response object from the GetGeneratedPolicy operation. |
|
IamRoleConfiguration |
The proposed access control configuration for an IAM role. You can propose a configuration for a new IAM role or an existing IAM role that you own by specifying the trust policy. If the configuration is for a new IAM role, you must specify the trust policy. If the configuration is for an existing IAM role that you own and you do not propose the trust policy, the access preview uses the existing trust policy for the role. The proposed trust policy cannot be an empty string. For more information about role trust policy limits, see IAM and STS quotas. |
|
InlineArchiveRule |
An criterion statement in an archive rule. Each archive rule may have multiple criteria. |
|
InternalServerException |
Internal server error. |
|
InternetConfiguration |
This configuration sets the network origin for the Amazon S3 access point or multi-region
access point to |
|
InvalidParameterException |
The specified parameter is invalid. |
|
JobDetails |
Contains details about the policy generation request. |
|
JobError |
Contains the details about the policy generation error. |
|
KmsGrantConfiguration |
A proposed grant configuration for a KMS key. For more information, see CreateGrant. |
|
KmsGrantConstraints |
Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context. You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see GrantConstraints. |
|
KmsKeyConfiguration |
Proposed access control configuration for a KMS key. You can propose a configuration for a new KMS key or an existing KMS key that you own by specifying the key policy and KMS grant configuration. If the configuration is for an existing key and you do not specify the key policy, the access preview uses the existing policy for the key. If the access preview is for a new resource and you do not specify the key policy, then the access preview uses the default key policy. The proposed key policy cannot be an empty string. For more information, see Default key policy. For more information about key policy limits, see Resource quotas. |
|
ListAccessPreviewFindingsRequest |
Container for the parameters to the ListAccessPreviewFindings operation. Retrieves a list of access preview findings generated by the specified access preview. |
|
ListAccessPreviewFindingsResponse |
This is the response object from the ListAccessPreviewFindings operation. |
|
ListAccessPreviewsRequest |
Container for the parameters to the ListAccessPreviews operation. Retrieves a list of access previews for the specified analyzer. |
|
ListAccessPreviewsResponse |
This is the response object from the ListAccessPreviews operation. |
|
ListAnalyzedResourcesRequest |
Container for the parameters to the ListAnalyzedResources operation. Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer. This action is not supported for unused access analyzers. |
|
ListAnalyzedResourcesResponse |
The response to the request. |
|
ListAnalyzersRequest |
Container for the parameters to the ListAnalyzers operation. Retrieves a list of analyzers. |
|
ListAnalyzersResponse |
The response to the request. |
|
ListArchiveRulesRequest |
Container for the parameters to the ListArchiveRules operation. Retrieves a list of archive rules created for the specified analyzer. |
|
ListArchiveRulesResponse |
The response to the request. |
|
ListFindingsRequest |
Container for the parameters to the ListFindings operation.
Retrieves a list of findings generated by the specified analyzer. ListFindings and
ListFindingsV2 both use To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide. |
|
ListFindingsResponse |
The response to the request. |
|
ListFindingsV2Request |
Container for the parameters to the ListFindingsV2 operation.
Retrieves a list of findings generated by the specified analyzer. ListFindings and
ListFindingsV2 both use To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide. |
|
ListFindingsV2Response |
This is the response object from the ListFindingsV2 operation. |
|
ListPolicyGenerationsRequest |
Container for the parameters to the ListPolicyGenerations operation. Lists all of the policy generations requested in the last seven days. |
|
ListPolicyGenerationsResponse |
This is the response object from the ListPolicyGenerations operation. |
|
ListTagsForResourceRequest |
Container for the parameters to the ListTagsForResource operation. Retrieves a list of tags applied to the specified resource. |
|
ListTagsForResourceResponse |
The response to the request. |
|
Location |
A location in a policy that is represented as a path through the JSON representation and a corresponding span. |
|
NetworkOriginConfiguration |
The proposed |
|
PathElement |
A single element in a path through the JSON representation of a policy. |
|
PolicyGeneration |
Contains details about the policy generation status and properties. |
|
PolicyGenerationDetails |
Contains the ARN details about the IAM entity for which the policy is generated. |
|
Position |
A position in a policy. |
|
RdsDbClusterSnapshotAttributeValue |
The values for a manual Amazon RDS DB cluster snapshot attribute. |
|
RdsDbClusterSnapshotConfiguration |
The proposed access control configuration for an Amazon RDS DB cluster snapshot. You
can propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon
RDS DB cluster snapshot that you own by specifying the |
|
RdsDbSnapshotAttributeValue |
The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB snapshot. |
|
RdsDbSnapshotConfiguration |
The proposed access control configuration for an Amazon RDS DB snapshot. You can propose
a configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that
you own by specifying the |
|
ReasonSummary |
Contains information about the reasoning why a check for access passed or failed. |
|
ResourceNotFoundException |
The specified resource could not be found. |
|
S3AccessPointConfiguration |
The configuration for an Amazon S3 access point or multi-region access point for the bucket. You can propose up to 10 access points or multi-region access points per bucket. If the proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information, see Creating access points. For more information about access point policy limits, see Access points restrictions and limitations. |
|
S3BucketAclGrantConfiguration |
A proposed access control list grant configuration for an Amazon S3 bucket. For more information, see How to Specify an ACL. |
|
S3BucketConfiguration |
Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples. |
|
S3ExpressDirectoryBucketConfiguration |
Proposed access control configuration for an Amazon S3 directory bucket. You can propose a configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3 directory bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the directory bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes an directory bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about Amazon S3 directory bucket policies, see Example directory bucket policies for S3 Express One Zone. |
|
S3PublicAccessBlockConfiguration |
The |
|
SecretsManagerSecretConfiguration |
The configuration for a Secrets Manager secret. For more information, see CreateSecret.
You can propose a configuration for a new secret or an existing secret that you own
by specifying the secret policy and optional KMS encryption key. If the configuration
is for an existing secret and you do not specify the secret policy, the access preview
uses the existing policy for the secret. If the access preview is for a new resource
and you do not specify the policy, the access preview assumes a secret without a policy.
To propose deletion of an existing policy, you can specify an empty string. If the
proposed configuration is for a new secret and you do not specify the KMS key ID,
the access preview uses the Amazon Web Services managed key |
|
ServiceQuotaExceededException |
Service quote met error. |
|
SnsTopicConfiguration |
The proposed access control configuration for an Amazon SNS topic. You can propose a configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the Amazon SNS policy, then the access preview uses the existing Amazon SNS policy for the topic. If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS topic policy, you can specify an empty string for the Amazon SNS policy. For more information, see Topic. |
|
SortCriteria |
The criteria used to sort. |
|
Span |
A span in a policy. The span consists of a start position (inclusive) and end position (exclusive). |
|
SqsQueueConfiguration |
The proposed access control configuration for an Amazon SQS queue. You can propose a configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying the Amazon SQS policy. If the configuration is for an existing Amazon SQS queue and you do not specify the Amazon SQS policy, the access preview uses the existing Amazon SQS policy for the queue. If the access preview is for a new resource and you do not specify the policy, the access preview assumes an Amazon SQS queue without a policy. To propose deletion of an existing Amazon SQS queue policy, you can specify an empty string for the Amazon SQS policy. For more information about Amazon SQS policy limits, see Quotas related to policies. |
|
StartPolicyGenerationRequest |
Container for the parameters to the StartPolicyGeneration operation. Starts the policy generation request. |
|
StartPolicyGenerationResponse |
This is the response object from the StartPolicyGeneration operation. |
|
StartResourceScanRequest |
Container for the parameters to the StartResourceScan operation. Immediately starts a scan of the policies applied to the specified resource. |
|
StartResourceScanResponse |
This is the response object from the StartResourceScan operation. |
|
StatusReason |
Provides more details about the current status of the analyzer. For example, if the
creation for the analyzer fails, a |
|
Substring |
A reference to a substring of a literal string in a JSON document. |
|
TagResourceRequest |
Container for the parameters to the TagResource operation. Adds a tag to the specified resource. |
|
TagResourceResponse |
The response to the request. |
|
ThrottlingException |
Throttling limit exceeded error. |
|
Trail |
Contains details about the CloudTrail trail being analyzed to generate a policy. |
|
TrailProperties |
Contains details about the CloudTrail trail being analyzed to generate a policy. |
|
UnprocessableEntityException |
The specified entity could not be processed. |
|
UntagResourceRequest |
Container for the parameters to the UntagResource operation. Removes a tag from the specified resource. |
|
UntagResourceResponse |
The response to the request. |
|
UnusedAccessConfiguration |
Contains information about an unused access analyzer. |
|
UnusedAction |
Contains information about an unused access finding for an action. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing. |
|
UnusedIamRoleDetails |
Contains information about an unused access finding for an IAM role. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing. |
|
UnusedIamUserAccessKeyDetails |
Contains information about an unused access finding for an IAM user access key. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing. |
|
UnusedIamUserPasswordDetails |
Contains information about an unused access finding for an IAM user password. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing. |
|
UnusedPermissionDetails |
Contains information about an unused access finding for a permission. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing. |
|
UpdateArchiveRuleRequest |
Container for the parameters to the UpdateArchiveRule operation. Updates the criteria and values for the specified archive rule. |
|
UpdateArchiveRuleResponse |
This is the response object from the UpdateArchiveRule operation. |
|
UpdateFindingsRequest |
Container for the parameters to the UpdateFindings operation. Updates the status for the specified findings. |
|
UpdateFindingsResponse |
This is the response object from the UpdateFindings operation. |
|
ValidatePolicyFinding |
A finding in a policy. Each finding is an actionable recommendation that can be used to improve the policy. |
|
ValidatePolicyRequest |
Container for the parameters to the ValidatePolicy operation. Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices. |
|
ValidatePolicyResponse |
This is the response object from the ValidatePolicy operation. |
|
ValidationException |
Validation exception error. |
|
ValidationExceptionField |
Contains information about a validation exception. |
|
VpcConfiguration |
The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration. |
Name | Description | |
---|---|---|
IAccessAnalyzerPaginatorFactory |
Paginators for the AccessAnalyzer service |
|
IGetFindingV2Paginator |
Paginator for the GetFindingV2 operation |
|
IListAccessPreviewFindingsPaginator |
Paginator for the ListAccessPreviewFindings operation |
|
IListAccessPreviewsPaginator |
Paginator for the ListAccessPreviews operation |
|
IListAnalyzedResourcesPaginator |
Paginator for the ListAnalyzedResources operation |
|
IListAnalyzersPaginator |
Paginator for the ListAnalyzers operation |
|
IListArchiveRulesPaginator |
Paginator for the ListArchiveRules operation |
|
IListFindingsPaginator |
Paginator for the ListFindings operation |
|
IListFindingsV2Paginator |
Paginator for the ListFindingsV2 operation |
|
IListPolicyGenerationsPaginator |
Paginator for the ListPolicyGenerations operation |
|
IValidatePolicyPaginator |
Paginator for the ValidatePolicy operation |