CreateAccessPreview - Access Analyzer

CreateAccessPreview

Creates an access preview that allows you to preview Access Analyzer findings for your resource before deploying resource permissions.

Request Syntax

PUT /access-preview HTTP/1.1 Content-type: application/json { "analyzerArn": "string", "clientToken": "string", "configurations": { "string" : { "iamRole": { "trustPolicy": "string" }, "kmsKey": { "grants": [ { "constraints": { "encryptionContextEquals": { "string" : "string" }, "encryptionContextSubset": { "string" : "string" } }, "granteePrincipal": "string", "issuingAccount": "string", "operations": [ "string" ], "retiringPrincipal": "string" } ], "keyPolicies": { "string" : "string" } }, "s3Bucket": { "accessPoints": { "string" : { "accessPointPolicy": "string", "networkOrigin": { "internetConfiguration": { }, "vpcConfiguration": { "vpcId": "string" } }, "publicAccessBlock": { "ignorePublicAcls": boolean, "restrictPublicBuckets": boolean } } }, "bucketAclGrants": [ { "grantee": { "id": "string", "uri": "string" }, "permission": "string" } ], "bucketPolicy": "string", "bucketPublicAccessBlock": { "ignorePublicAcls": boolean, "restrictPublicBuckets": boolean } }, "secretsManagerSecret": { "kmsKeyId": "string", "secretPolicy": "string" }, "sqsQueue": { "queuePolicy": "string" } } } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

analyzerArn

The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an Account type and Active status.

Type: String

Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$

Required: Yes

clientToken

A client token.

Type: String

Required: No

configurations

Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.

Type: String to Configuration object map

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "id": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

id

The unique ID for the access preview.

Type: String

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

A conflict exception error.

HTTP Status Code: 409

InternalServerException

Internal server error.

HTTP Status Code: 500

ResourceNotFoundException

The specified resource could not be found.

HTTP Status Code: 404

ServiceQuotaExceededException

Service quote met error.

HTTP Status Code: 402

ThrottlingException

Throttling limit exceeded error.

HTTP Status Code: 429

ValidationException

Validation exception error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: