@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class AbstractAWSAccessAnalyzer extends Object implements AWSAccessAnalyzer
AWSAccessAnalyzer
. Convenient method forms pass through to the corresponding
overload that takes a request object, which throws an UnsupportedOperationException
.ENDPOINT_PREFIX
Modifier and Type | Method and Description |
---|---|
ApplyArchiveRuleResult |
applyArchiveRule(ApplyArchiveRuleRequest request)
Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
|
CancelPolicyGenerationResult |
cancelPolicyGeneration(CancelPolicyGenerationRequest request)
Cancels the requested policy generation.
|
CheckAccessNotGrantedResult |
checkAccessNotGranted(CheckAccessNotGrantedRequest request)
Checks whether the specified access isn't allowed by a policy.
|
CheckNoNewAccessResult |
checkNoNewAccess(CheckNoNewAccessRequest request)
Checks whether new access is allowed for an updated policy when compared to the existing policy.
|
CheckNoPublicAccessResult |
checkNoPublicAccess(CheckNoPublicAccessRequest request)
Checks whether a resource policy can grant public access to the specified resource type.
|
CreateAccessPreviewResult |
createAccessPreview(CreateAccessPreviewRequest request)
Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before
deploying resource permissions.
|
CreateAnalyzerResult |
createAnalyzer(CreateAnalyzerRequest request)
Creates an analyzer for your account.
|
CreateArchiveRuleResult |
createArchiveRule(CreateArchiveRuleRequest request)
Creates an archive rule for the specified analyzer.
|
DeleteAnalyzerResult |
deleteAnalyzer(DeleteAnalyzerRequest request)
Deletes the specified analyzer.
|
DeleteArchiveRuleResult |
deleteArchiveRule(DeleteArchiveRuleRequest request)
Deletes the specified archive rule.
|
GenerateFindingRecommendationResult |
generateFindingRecommendation(GenerateFindingRecommendationRequest request)
Creates a recommendation for an unused permissions finding.
|
GetAccessPreviewResult |
getAccessPreview(GetAccessPreviewRequest request)
Retrieves information about an access preview for the specified analyzer.
|
GetAnalyzedResourceResult |
getAnalyzedResource(GetAnalyzedResourceRequest request)
Retrieves information about a resource that was analyzed.
|
GetAnalyzerResult |
getAnalyzer(GetAnalyzerRequest request)
Retrieves information about the specified analyzer.
|
GetArchiveRuleResult |
getArchiveRule(GetArchiveRuleRequest request)
Retrieves information about an archive rule.
|
ResponseMetadata |
getCachedResponseMetadata(AmazonWebServiceRequest request)
Returns additional metadata for a previously executed successful request, typically used for debugging issues
where a service isn't acting as expected.
|
GetFindingResult |
getFinding(GetFindingRequest request)
Retrieves information about the specified finding.
|
GetFindingRecommendationResult |
getFindingRecommendation(GetFindingRecommendationRequest request)
Retrieves information about a finding recommendation for the specified analyzer.
|
GetFindingV2Result |
getFindingV2(GetFindingV2Request request)
Retrieves information about the specified finding.
|
GetGeneratedPolicyResult |
getGeneratedPolicy(GetGeneratedPolicyRequest request)
Retrieves the policy that was generated using
StartPolicyGeneration . |
ListAccessPreviewFindingsResult |
listAccessPreviewFindings(ListAccessPreviewFindingsRequest request)
Retrieves a list of access preview findings generated by the specified access preview.
|
ListAccessPreviewsResult |
listAccessPreviews(ListAccessPreviewsRequest request)
Retrieves a list of access previews for the specified analyzer.
|
ListAnalyzedResourcesResult |
listAnalyzedResources(ListAnalyzedResourcesRequest request)
Retrieves a list of resources of the specified type that have been analyzed by the specified external access
analyzer.
|
ListAnalyzersResult |
listAnalyzers(ListAnalyzersRequest request)
Retrieves a list of analyzers.
|
ListArchiveRulesResult |
listArchiveRules(ListArchiveRulesRequest request)
Retrieves a list of archive rules created for the specified analyzer.
|
ListFindingsResult |
listFindings(ListFindingsRequest request)
Retrieves a list of findings generated by the specified analyzer.
|
ListFindingsV2Result |
listFindingsV2(ListFindingsV2Request request)
Retrieves a list of findings generated by the specified analyzer.
|
ListPolicyGenerationsResult |
listPolicyGenerations(ListPolicyGenerationsRequest request)
Lists all of the policy generations requested in the last seven days.
|
ListTagsForResourceResult |
listTagsForResource(ListTagsForResourceRequest request)
Retrieves a list of tags applied to the specified resource.
|
void |
shutdown()
Shuts down this client object, releasing any resources that might be held open.
|
StartPolicyGenerationResult |
startPolicyGeneration(StartPolicyGenerationRequest request)
Starts the policy generation request.
|
StartResourceScanResult |
startResourceScan(StartResourceScanRequest request)
Immediately starts a scan of the policies applied to the specified resource.
|
TagResourceResult |
tagResource(TagResourceRequest request)
Adds a tag to the specified resource.
|
UntagResourceResult |
untagResource(UntagResourceRequest request)
Removes a tag from the specified resource.
|
UpdateArchiveRuleResult |
updateArchiveRule(UpdateArchiveRuleRequest request)
Updates the criteria and values for the specified archive rule.
|
UpdateFindingsResult |
updateFindings(UpdateFindingsRequest request)
Updates the status for the specified findings.
|
ValidatePolicyResult |
validatePolicy(ValidatePolicyRequest request)
Requests the validation of a policy and returns a list of findings.
|
public ApplyArchiveRuleResult applyArchiveRule(ApplyArchiveRuleRequest request)
AWSAccessAnalyzer
Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
applyArchiveRule
in interface AWSAccessAnalyzer
request
- Retroactively applies an archive rule.public CancelPolicyGenerationResult cancelPolicyGeneration(CancelPolicyGenerationRequest request)
AWSAccessAnalyzer
Cancels the requested policy generation.
cancelPolicyGeneration
in interface AWSAccessAnalyzer
public CheckAccessNotGrantedResult checkAccessNotGranted(CheckAccessNotGrantedRequest request)
AWSAccessAnalyzer
Checks whether the specified access isn't allowed by a policy.
checkAccessNotGranted
in interface AWSAccessAnalyzer
public CheckNoNewAccessResult checkNoNewAccess(CheckNoNewAccessRequest request)
AWSAccessAnalyzer
Checks whether new access is allowed for an updated policy when compared to the existing policy.
You can find examples for reference policies and learn how to set up and run a custom policy check for new access
in the IAM Access
Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are
meant to be passed to the existingPolicyDocument
request parameter.
checkNoNewAccess
in interface AWSAccessAnalyzer
public CheckNoPublicAccessResult checkNoPublicAccess(CheckNoPublicAccessRequest request)
AWSAccessAnalyzer
Checks whether a resource policy can grant public access to the specified resource type.
checkNoPublicAccess
in interface AWSAccessAnalyzer
public CreateAccessPreviewResult createAccessPreview(CreateAccessPreviewRequest request)
AWSAccessAnalyzer
Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
createAccessPreview
in interface AWSAccessAnalyzer
public CreateAnalyzerResult createAnalyzer(CreateAnalyzerRequest request)
AWSAccessAnalyzer
Creates an analyzer for your account.
createAnalyzer
in interface AWSAccessAnalyzer
request
- Creates an analyzer.public CreateArchiveRuleResult createArchiveRule(CreateArchiveRuleRequest request)
AWSAccessAnalyzer
Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
createArchiveRule
in interface AWSAccessAnalyzer
request
- Creates an archive rule.public DeleteAnalyzerResult deleteAnalyzer(DeleteAnalyzerRequest request)
AWSAccessAnalyzer
Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
deleteAnalyzer
in interface AWSAccessAnalyzer
request
- Deletes an analyzer.public DeleteArchiveRuleResult deleteArchiveRule(DeleteArchiveRuleRequest request)
AWSAccessAnalyzer
Deletes the specified archive rule.
deleteArchiveRule
in interface AWSAccessAnalyzer
request
- Deletes an archive rule.public GenerateFindingRecommendationResult generateFindingRecommendation(GenerateFindingRecommendationRequest request)
AWSAccessAnalyzer
Creates a recommendation for an unused permissions finding.
generateFindingRecommendation
in interface AWSAccessAnalyzer
public GetAccessPreviewResult getAccessPreview(GetAccessPreviewRequest request)
AWSAccessAnalyzer
Retrieves information about an access preview for the specified analyzer.
getAccessPreview
in interface AWSAccessAnalyzer
public GetAnalyzedResourceResult getAnalyzedResource(GetAnalyzedResourceRequest request)
AWSAccessAnalyzer
Retrieves information about a resource that was analyzed.
getAnalyzedResource
in interface AWSAccessAnalyzer
request
- Retrieves an analyzed resource.public GetAnalyzerResult getAnalyzer(GetAnalyzerRequest request)
AWSAccessAnalyzer
Retrieves information about the specified analyzer.
getAnalyzer
in interface AWSAccessAnalyzer
request
- Retrieves an analyzer.public GetArchiveRuleResult getArchiveRule(GetArchiveRuleRequest request)
AWSAccessAnalyzer
Retrieves information about an archive rule.
To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
getArchiveRule
in interface AWSAccessAnalyzer
request
- Retrieves an archive rule.public GetFindingResult getFinding(GetFindingRequest request)
AWSAccessAnalyzer
Retrieves information about the specified finding. GetFinding and GetFindingV2 both use
access-analyzer:GetFinding
in the Action
element of an IAM policy statement. You must
have permission to perform the access-analyzer:GetFinding
action.
getFinding
in interface AWSAccessAnalyzer
request
- Retrieves a finding.public GetFindingRecommendationResult getFindingRecommendation(GetFindingRecommendationRequest request)
AWSAccessAnalyzer
Retrieves information about a finding recommendation for the specified analyzer.
getFindingRecommendation
in interface AWSAccessAnalyzer
public GetFindingV2Result getFindingV2(GetFindingV2Request request)
AWSAccessAnalyzer
Retrieves information about the specified finding. GetFinding and GetFindingV2 both use
access-analyzer:GetFinding
in the Action
element of an IAM policy statement. You must
have permission to perform the access-analyzer:GetFinding
action.
getFindingV2
in interface AWSAccessAnalyzer
public GetGeneratedPolicyResult getGeneratedPolicy(GetGeneratedPolicyRequest request)
AWSAccessAnalyzer
Retrieves the policy that was generated using StartPolicyGeneration
.
getGeneratedPolicy
in interface AWSAccessAnalyzer
public ListAccessPreviewFindingsResult listAccessPreviewFindings(ListAccessPreviewFindingsRequest request)
AWSAccessAnalyzer
Retrieves a list of access preview findings generated by the specified access preview.
listAccessPreviewFindings
in interface AWSAccessAnalyzer
public ListAccessPreviewsResult listAccessPreviews(ListAccessPreviewsRequest request)
AWSAccessAnalyzer
Retrieves a list of access previews for the specified analyzer.
listAccessPreviews
in interface AWSAccessAnalyzer
public ListAnalyzedResourcesResult listAnalyzedResources(ListAnalyzedResourcesRequest request)
AWSAccessAnalyzer
Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer. This action is not supported for unused access analyzers.
listAnalyzedResources
in interface AWSAccessAnalyzer
request
- Retrieves a list of resources that have been analyzed.public ListAnalyzersResult listAnalyzers(ListAnalyzersRequest request)
AWSAccessAnalyzer
Retrieves a list of analyzers.
listAnalyzers
in interface AWSAccessAnalyzer
request
- Retrieves a list of analyzers.public ListArchiveRulesResult listArchiveRules(ListArchiveRulesRequest request)
AWSAccessAnalyzer
Retrieves a list of archive rules created for the specified analyzer.
listArchiveRules
in interface AWSAccessAnalyzer
request
- Retrieves a list of archive rules created for the specified analyzer.public ListFindingsResult listFindings(ListFindingsRequest request)
AWSAccessAnalyzer
Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use
access-analyzer:ListFindings
in the Action
element of an IAM policy statement. You must
have permission to perform the access-analyzer:ListFindings
action.
To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.
listFindings
in interface AWSAccessAnalyzer
request
- Retrieves a list of findings generated by the specified analyzer.public ListFindingsV2Result listFindingsV2(ListFindingsV2Request request)
AWSAccessAnalyzer
Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use
access-analyzer:ListFindings
in the Action
element of an IAM policy statement. You must
have permission to perform the access-analyzer:ListFindings
action.
To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.
listFindingsV2
in interface AWSAccessAnalyzer
public ListPolicyGenerationsResult listPolicyGenerations(ListPolicyGenerationsRequest request)
AWSAccessAnalyzer
Lists all of the policy generations requested in the last seven days.
listPolicyGenerations
in interface AWSAccessAnalyzer
public ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest request)
AWSAccessAnalyzer
Retrieves a list of tags applied to the specified resource.
listTagsForResource
in interface AWSAccessAnalyzer
request
- Retrieves a list of tags applied to the specified resource.public StartPolicyGenerationResult startPolicyGeneration(StartPolicyGenerationRequest request)
AWSAccessAnalyzer
Starts the policy generation request.
startPolicyGeneration
in interface AWSAccessAnalyzer
public StartResourceScanResult startResourceScan(StartResourceScanRequest request)
AWSAccessAnalyzer
Immediately starts a scan of the policies applied to the specified resource.
startResourceScan
in interface AWSAccessAnalyzer
request
- Starts a scan of the policies applied to the specified resource.public TagResourceResult tagResource(TagResourceRequest request)
AWSAccessAnalyzer
Adds a tag to the specified resource.
tagResource
in interface AWSAccessAnalyzer
request
- Adds a tag to the specified resource.public UntagResourceResult untagResource(UntagResourceRequest request)
AWSAccessAnalyzer
Removes a tag from the specified resource.
untagResource
in interface AWSAccessAnalyzer
request
- Removes a tag from the specified resource.public UpdateArchiveRuleResult updateArchiveRule(UpdateArchiveRuleRequest request)
AWSAccessAnalyzer
Updates the criteria and values for the specified archive rule.
updateArchiveRule
in interface AWSAccessAnalyzer
request
- Updates the specified archive rule.public UpdateFindingsResult updateFindings(UpdateFindingsRequest request)
AWSAccessAnalyzer
Updates the status for the specified findings.
updateFindings
in interface AWSAccessAnalyzer
request
- Updates findings with the new values provided in the request.public ValidatePolicyResult validatePolicy(ValidatePolicyRequest request)
AWSAccessAnalyzer
Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.
validatePolicy
in interface AWSAccessAnalyzer
public void shutdown()
AWSAccessAnalyzer
shutdown
in interface AWSAccessAnalyzer
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
AWSAccessAnalyzer
Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
getCachedResponseMetadata
in interface AWSAccessAnalyzer
request
- The originally executed request.