CfnAnalyzerPropsMixin
- class aws_cdk.mixins_preview.aws_accessanalyzer.mixins.CfnAnalyzerPropsMixin(props, *, strategy=None)
Bases: Mixin
The AWS::AccessAnalyzer::Analyzer resource specifies a new analyzer.
The analyzer is an object that represents the IAM Access Analyzer feature. An analyzer is required for Access Analyzer to become operational.
- CloudformationResource: AWS::AccessAnalyzer::Analyzer
- Mixin: true
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import CfnTag
    from aws_cdk.mixins_preview import mixins
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    cfn_analyzer_props_mixin = accessanalyzer_mixins.CfnAnalyzerPropsMixin(accessanalyzer_mixins.CfnAnalyzerMixinProps(
        analyzer_configuration=accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalyzerConfigurationProperty(
            internal_access_configuration=accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessConfigurationProperty(
                internal_access_analysis_rule=accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleProperty(
                    inclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleCriteriaProperty(
                        account_ids=["accountIds"],
                        resource_arns=["resourceArns"],
                        resource_types=["resourceTypes"]
                    )]
                )
            ),
            unused_access_configuration=accessanalyzer_mixins.CfnAnalyzerPropsMixin.UnusedAccessConfigurationProperty(
                analysis_rule=accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleProperty(
                    exclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleCriteriaProperty(
                        account_ids=["accountIds"],
                        resource_tags=[[CfnTag(
                            key="key",
                            value="value"
                        )]]
                    )]
                ),
                unused_access_age=123
            )
        ),
        analyzer_name="analyzerName",
        archive_rules=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.ArchiveRuleProperty(
            filter=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.FilterProperty(
                contains=["contains"],
                eq=["eq"],
                exists=False,
                neq=["neq"],
                property="property"
            )],
            rule_name="ruleName"
        )],
        tags=[CfnTag(
            key="key",
            value="value"
        )],
        type="type"
    ),
        strategy=mixins.PropertyMergeStrategy.OVERRIDE
    )
Create a mixin to apply properties to AWS::AccessAnalyzer::Analyzer.
- Parameters:
  - props (Union[CfnAnalyzerMixinProps,Dict[str,Any]]) – L1 properties to apply.
  - strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
  - construct (IConstruct)
- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
  - construct (IConstruct)
- Return type: bool
Attributes
- CFN_PROPERTY_KEYS = ['analyzerConfiguration', 'analyzerName', 'archiveRules', 'tags', 'type']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if x is a Mixin.
- Parameters:
  - x (Any) – Any object.
- Return type: bool
- Returns: true if x is an object created from a class which extends Mixin.
- Stability: experimental
AnalysisRuleCriteriaProperty
- class CfnAnalyzerPropsMixin.AnalysisRuleCriteriaProperty(*, account_ids=None, resource_tags=None)
Bases: object
The criteria for an analysis rule for an analyzer.
The criteria determine which entities will generate findings.
- Parameters:
  - account_ids (Optional[Sequence[str]]) – A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. The list cannot include more than 2,000 account IDs.
  - resource_tags (Union[IResolvable,Sequence[Union[IResolvable,Sequence[Union[IResolvable,CfnTag,Dict[str,Any]]]]],None]) – An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:. For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import CfnTag
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    analysis_rule_criteria_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleCriteriaProperty(
        account_ids=["accountIds"],
        resource_tags=[[CfnTag(
            key="key",
            value="value"
        )]]
    )
Attributes
- account_ids
A list of AWS account IDs to apply to the analysis rule criteria.
The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. The list cannot include more than 2,000 account IDs.
- resource_tags
An array of key-value pairs to match for your resources.
You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.
For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.
AnalysisRuleProperty
- class CfnAnalyzerPropsMixin.AnalysisRuleProperty(*, exclusions=None)
Bases: object
Contains information about analysis rules for the analyzer.
Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
- Parameters:
  - exclusions (Union[IResolvable,Sequence[Union[IResolvable,AnalysisRuleCriteriaProperty,Dict[str,Any]]],None]) – A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import CfnTag
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    analysis_rule_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleProperty(
        exclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleCriteriaProperty(
            account_ids=["accountIds"],
            resource_tags=[[CfnTag(
                key="key",
                value="value"
            )]]
        )]
    )
Attributes
- exclusions
A list of rules for the analyzer containing criteria to exclude from analysis.
Entities that meet the rule criteria will not generate findings.
AnalyzerConfigurationProperty
- class CfnAnalyzerPropsMixin.AnalyzerConfigurationProperty(*, internal_access_configuration=None, unused_access_configuration=None)
Bases: object
Contains information about the configuration of an analyzer for an AWS organization or account.
- Parameters:
  - internal_access_configuration (Union[IResolvable,InternalAccessConfigurationProperty,Dict[str,Any],None]) – Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
  - unused_access_configuration (Union[IResolvable,UnusedAccessConfigurationProperty,Dict[str,Any],None]) – Specifies the configuration of an unused access analyzer for an AWS organization or account.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import CfnTag
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    analyzer_configuration_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalyzerConfigurationProperty(
        internal_access_configuration=accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessConfigurationProperty(
            internal_access_analysis_rule=accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleProperty(
                inclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleCriteriaProperty(
                    account_ids=["accountIds"],
                    resource_arns=["resourceArns"],
                    resource_types=["resourceTypes"]
                )]
            )
        ),
        unused_access_configuration=accessanalyzer_mixins.CfnAnalyzerPropsMixin.UnusedAccessConfigurationProperty(
            analysis_rule=accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleProperty(
                exclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleCriteriaProperty(
                    account_ids=["accountIds"],
                    resource_tags=[[CfnTag(
                        key="key",
                        value="value"
                    )]]
                )]
            ),
            unused_access_age=123
        )
    )
Attributes
- internal_access_configuration
Specifies the configuration of an internal access analyzer for an AWS organization or account.
This configuration determines how the analyzer evaluates access within your AWS environment.
- unused_access_configuration
Specifies the configuration of an unused access analyzer for an AWS organization or account.
ArchiveRuleProperty
- class CfnAnalyzerPropsMixin.ArchiveRuleProperty(*, filter=None, rule_name=None)
Bases: object
Contains information about an archive rule.
Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
- Parameters:
  - filter (Union[IResolvable,Sequence[Union[IResolvable,FilterProperty,Dict[str,Any]]],None]) – The criteria for the rule.
  - rule_name (Optional[str]) – The name of the rule to create.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    archive_rule_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.ArchiveRuleProperty(
        filter=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.FilterProperty(
            contains=["contains"],
            eq=["eq"],
            exists=False,
            neq=["neq"],
            property="property"
        )],
        rule_name="ruleName"
    )
Attributes
- filter
The criteria for the rule.
- rule_name
The name of the rule to create.
FilterProperty
- class CfnAnalyzerPropsMixin.FilterProperty(*, contains=None, eq=None, exists=None, neq=None, property=None)
Bases: object
The criteria that defines the archive rule.
To learn about filter keys that you can use to create an archive rule, see filter keys in the User Guide.
- Parameters:
  - contains (Optional[Sequence[str]]) – A “contains” condition to match for the rule.
  - eq (Optional[Sequence[str]]) – An “equals” condition to match for the rule.
  - exists (Union[bool,IResolvable,None]) – An “exists” condition to match for the rule.
  - neq (Optional[Sequence[str]]) – A “not equal” condition to match for the rule.
  - property (Optional[str]) – The property used to define the criteria in the filter for the rule.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    filter_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.FilterProperty(
        contains=["contains"],
        eq=["eq"],
        exists=False,
        neq=["neq"],
        property="property"
    )
Attributes
- contains
A “contains” condition to match for the rule.
- eq
An “equals” condition to match for the rule.
- exists
An “exists” condition to match for the rule.
- neq
A “not equal” condition to match for the rule.
- property
The property used to define the criteria in the filter for the rule.
InternalAccessAnalysisRuleCriteriaProperty
- class CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleCriteriaProperty(*, account_ids=None, resource_arns=None, resource_types=None)
Bases: object
The criteria for an analysis rule for an internal access analyzer.
- Parameters:
  - account_ids (Optional[Sequence[str]]) – A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
  - resource_arns (Optional[Sequence[str]]) – A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
  - resource_types (Optional[Sequence[str]]) – A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. These resource types are currently supported for internal access analyzers: AWS::S3::Bucket, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    internal_access_analysis_rule_criteria_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleCriteriaProperty(
        account_ids=["accountIds"],
        resource_arns=["resourceArns"],
        resource_types=["resourceTypes"]
    )
Attributes
- account_ids
A list of AWS account IDs to apply to the internal access analysis rule criteria.
Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- resource_arns
A list of resource ARNs to apply to the internal access analysis rule criteria.
The analyzer will only generate findings for resources that match these ARNs.
- resource_types
A list of resource types to apply to the internal access analysis rule criteria.
The analyzer will only generate findings for resources of these types. These resource types are currently supported for internal access analyzers:
  - AWS::S3::Bucket
  - AWS::RDS::DBSnapshot
  - AWS::RDS::DBClusterSnapshot
  - AWS::S3Express::DirectoryBucket
  - AWS::DynamoDB::Table
  - AWS::DynamoDB::Stream
InternalAccessAnalysisRuleProperty
- class CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleProperty(*, inclusions=None)
Bases: object
Contains information about analysis rules for the internal access analyzer.
Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
- Parameters:
  - inclusions (Union[IResolvable,Sequence[Union[IResolvable,InternalAccessAnalysisRuleCriteriaProperty,Dict[str,Any]]],None]) – A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    internal_access_analysis_rule_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleProperty(
        inclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleCriteriaProperty(
            account_ids=["accountIds"],
            resource_arns=["resourceArns"],
            resource_types=["resourceTypes"]
        )]
    )
Attributes
- inclusions
A list of rules for the internal access analyzer containing criteria to include in analysis.
Only resources that meet the rule criteria will generate findings.
InternalAccessConfigurationProperty
- class CfnAnalyzerPropsMixin.InternalAccessConfigurationProperty(*, internal_access_analysis_rule=None)
Bases: object
Specifies the configuration of an internal access analyzer for an AWS organization or account.
This configuration determines how the analyzer evaluates internal access within your AWS environment.
- Parameters:
  - internal_access_analysis_rule (Union[IResolvable,InternalAccessAnalysisRuleProperty,Dict[str,Any],None]) – Contains information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    internal_access_configuration_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessConfigurationProperty(
        internal_access_analysis_rule=accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleProperty(
            inclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.InternalAccessAnalysisRuleCriteriaProperty(
                account_ids=["accountIds"],
                resource_arns=["resourceArns"],
                resource_types=["resourceTypes"]
            )]
        )
    )
Attributes
- internal_access_analysis_rule
Contains information about analysis rules for the internal access analyzer.
These rules determine which resources and access patterns will be analyzed.
UnusedAccessConfigurationProperty
- class CfnAnalyzerPropsMixin.UnusedAccessConfigurationProperty(*, analysis_rule=None, unused_access_age=None)
Bases: object
Contains information about an unused access analyzer.
- Parameters:
  - analysis_rule (Union[IResolvable,AnalysisRuleProperty,Dict[str,Any],None]) – Contains information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
  - unused_access_age (Union[int,float,None]) – The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn’t been used in 90 or more days since the analyzer’s last scan. You can choose a value between 1 and 365 days.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import CfnTag
    from aws_cdk.mixins_preview.aws_accessanalyzer import mixins as accessanalyzer_mixins

    unused_access_configuration_property = accessanalyzer_mixins.CfnAnalyzerPropsMixin.UnusedAccessConfigurationProperty(
        analysis_rule=accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleProperty(
            exclusions=[accessanalyzer_mixins.CfnAnalyzerPropsMixin.AnalysisRuleCriteriaProperty(
                account_ids=["accountIds"],
                resource_tags=[[CfnTag(
                    key="key",
                    value="value"
                )]]
            )]
        ),
        unused_access_age=123
    )
Attributes
- analysis_rule
Contains information about analysis rules for the analyzer.
Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
- unused_access_age
The specified access age in days for which to generate findings for unused access.
For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn’t been used in 90 or more days since the analyzer’s last scan. You can choose a value between 1 and 365 days.
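The limits stated in the property descriptions above (unused_access_age between 1 and 365 days, at most 2,000 account IDs per exclusion, the tag key and value rules, and the supported internal access resource types) can be checked before synthesis. The following is an added example, not part of the CDK documentation or library; it assumes the props are held as a plain dict keyed by the keyword names shown on this page, and check_tag and validate_analyzer_props are hypothetical helper names.

```python
import re

# Limits quoted from the property descriptions on this page.
SUPPORTED_INTERNAL_TYPES = {
    "AWS::S3::Bucket", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot",
    "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream",
}
# Approximates "Unicode letters, digits, whitespace, _ . / = + -".
TAG_CHARS = re.compile(r"[\w\s./=+\-]*")

def check_tag(tag, where):
    """Check one tag dict ({"key": ..., "value": ...}) against the documented limits."""
    key, value, out = tag.get("key", ""), tag.get("value", ""), []
    if not 1 <= len(key) <= 128:
        out.append(f"{where}: tag key length {len(key)} outside 1-128")
    if key.startswith("aws:"):
        out.append(f"{where}: tag key is prefixed with aws:")
    if len(value) > 256:
        out.append(f"{where}: tag value longer than 256 characters")
    if not (TAG_CHARS.fullmatch(key) and TAG_CHARS.fullmatch(value)):
        out.append(f"{where}: tag uses characters outside the allowed set")
    if value == "":  # documented behaviour: rule applies to all principals with this key
        out.append(f"{where}: empty value excludes every principal tagged {key!r}")
    return out

def validate_analyzer_props(props):
    """Hypothetical pre-synth check; returns a list of issue strings."""
    cfg, out = props.get("analyzer_configuration") or {}, []
    unused = cfg.get("unused_access_configuration") or {}
    age = unused.get("unused_access_age")
    if age is not None and not 1 <= age <= 365:
        out.append(f"unused_access_age {age} outside 1-365 days")
    exclusions = (unused.get("analysis_rule") or {}).get("exclusions") or []
    for i, crit in enumerate(exclusions):
        if len(crit.get("account_ids") or []) > 2000:
            out.append(f"exclusions[{i}]: more than 2,000 account IDs")
        for group in crit.get("resource_tags") or []:
            for tag in group:
                out += check_tag(tag, f"exclusions[{i}]")
    internal = cfg.get("internal_access_configuration") or {}
    rule = internal.get("internal_access_analysis_rule") or {}
    for i, crit in enumerate(rule.get("inclusions") or []):
        for rtype in crit.get("resource_types") or []:
            if rtype not in SUPPORTED_INTERNAL_TYPES:
                out.append(f"inclusions[{i}]: unsupported resource type {rtype}")
    return out

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"analyzer_configuration": {
    "unused_access_configuration": {"unused_access_age": 400, "analysis_rule": {
        "exclusions": [{"account_ids": ["111111111111"],
                        "resource_tags": [[{"key": "aws:team", "value": ""}]]}]}},
    "internal_access_configuration": {"internal_access_analysis_rule": {
        "inclusions": [{"resource_types": ["AWS::S3::Bucket", "AWS::EC2::Instance"]}]}}}}
```

Calling validate_analyzer_props(SAMPLE) returns five issues; the empty-value finding matters most in review because exclusions suppress findings for every entity they match.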