AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Checks whether a resource policy can grant public access to the specified resource type.

Note:

For .NET Core this operation is only available in asynchronous form. Please refer to CheckNoPublicAccessAsync.

Namespace: Amazon.AccessAnalyzer
Assembly: AWSSDK.AccessAnalyzer.dll
Version: 3.x.y.z

Syntax

C# 
public abstract CheckNoPublicAccessResponse CheckNoPublicAccess(
         CheckNoPublicAccessRequest request
)

Parameters

request
Type: Amazon.AccessAnalyzer.Model.CheckNoPublicAccessRequest

Container for the necessary parameters to execute the CheckNoPublicAccess service method.

Return Value


Type: CheckNoPublicAccessResponse
The response from the CheckNoPublicAccess service method, as returned by AccessAnalyzer.

Exceptions

ExceptionCondition
AccessDeniedException You do not have sufficient access to perform this action.
InternalServerException Internal server error.
InvalidParameterException The specified parameter is invalid.
ThrottlingException Throttling limit exceeded error.
UnprocessableEntityException The specified entity could not be processed.
ValidationException Validation exception error.

Examples

Passing check. S3 Bucket policy without public access.


var client = new AmazonAccessAnalyzerClient();
var response = client.CheckAccessNotGranted(new CheckAccessNotGrantedRequest 
{
    Access = new List<Access> {
        new Access { Actions = new List<string> {
            "s3:PutObject"
        } }
    },
    PolicyDocument = "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}",
    PolicyType = "RESOURCE_POLICY"
});

string message = response.Message;
string result = response.Result;

Failing check. S3 Bucket policy with public access.


var client = new AmazonAccessAnalyzerClient();
var response = client.CheckAccessNotGranted(new CheckAccessNotGrantedRequest 
{
    Access = new List<Access> {
        new Access { Resources = new List<string> {
            "arn:aws:s3:::sensitive-bucket/*"
        } }
    },
    PolicyDocument = "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}",
    PolicyType = "RESOURCE_POLICY"
});

string message = response.Message;
string result = response.Result;

Version Information

.NET Framework:
Supported in: 4.5 and newer, 3.5

See Also

REST API Reference for CheckNoPublicAccess Operation