API for Access Analyzer¶
| ABAP Package | /AWS1/API_AAN_IMPL |
|---|---|
| ABAP SDK "TLA" | AAN |
| ABAP Interface | /AWS1/IF_AAN |
The "TLA" is a Three Letter Abbreviation that appears in ABAP class names, data dictionary
objects and other ABAP objects throughout the AWS SDK for SAP ABAP. The TLA for Access Analyzer is AAN.
This TLA helps squeeze ABAP objects into the 30-character length limit of the ABAP data dictionary.
Installation¶
To install the AWS SDK for SAP ABAP, import the Core transport, along with the transport for the AccessAnalyzer module and other API modules you are interested in. A few modules are included in the Core transport itself. For more information, see the Developer Guide guide.
About The Service¶
Identity and Access Management Access Analyzer helps identify potential resource-access risks by enabling you to identify any policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview and validate public and cross-account access to your resources before deploying permissions changes. This guide describes the Identity and Access Management Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Identity and Access Management Access Analyzer in the IAM User Guide.
To start using IAM Access Analyzer, you first need to create an analyzer.
Using the SDK¶
In your code, create a client using the SDK module for Access Analyzer, which is created with
factory method /AWS1/CL_AAN_FACTORY=>create().
In this example we will assume you have configured
an SDK profile in transaction /AWS1/IMG called ZFINANCE.
DATA(go_session) = /aws1/cl_rt_session_aws=>create( 'ZFINANCE' ).
DATA(go_aan) = /aws1/cl_aan_factory=>create( go_session ).
Your variable go_aan is an instance of /AWS1/IF_AAN,
and all of the operations
in the Access Analyzer service are accessed by calling methods in /AWS1/IF_AAN.
API Operations¶
For an overview of ABAP method calls corresponding to API operations in Access Analyzer, see the Operation List.
Factory Method¶
/AWS1/CL_AAN_FACTORY=>create( )¶
Creates an object of type /AWS1/IF_AAN.
IMPORTING¶
Required arguments:¶
IO_SESSION TYPE REF TO /AWS1/CL_RT_SESSION_BASE¶
Optional arguments:¶
IV_PROTOCOL TYPE /AWS1/RT_PROTOCOL¶
IV_REGION TYPE /AWS1/RT_REGION_ID¶
IV_CUSTOM_ENDPOINT TYPE /AWS1/RT_ENDPOINT¶
RETURNING¶
OO_CLIENT TYPE REF TO /AWS1/IF_AAN¶
/AWS1/IF_AANrepresents the ABAP client for the AccessAnalyzer service, representing each operation as a method call. For more information see the API Page page.
Configuring Programmatically¶
DATA(lo_config) = DATA(go_aan)->get_config( ).
lo_config is a variable of type /AWS1/CL_AAN_CONFIG. See the documentation for /AWS1/CL_AAN_CONFIG for
details on the settings that can be configured.
Paginators¶
Paginators for Access Analyzer can be created via get_paginator() which returns a paginator object of type /AWS1/IF_AAN_PAGINATOR. The operation method that is being paginated is called using the paginator object, which accepts any necessary parameters to provide to the underlying API operation. This returns an iterator object which can be used to iterate over paginated results using has_next() and get_next() methods.
Details about the paginator methods available for service Access Analyzer can be found in interface /AWS1/IF_AAN_PAGINATOR.