AWS SDK Version 3 for .NET
API Reference


Container for the parameters to the CheckNoPublicAccess operation. Checks whether a resource policy can grant public access to the specified resource type.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceRequest
    Amazon.AccessAnalyzer.AmazonAccessAnalyzerRequest
      Amazon.AccessAnalyzer.Model.CheckNoPublicAccessRequest

Namespace: Amazon.AccessAnalyzer.Model
Assembly: AWSSDK.AccessAnalyzer.dll
Version: 3.x.y.z

Syntax

C#
public class CheckNoPublicAccessRequest : AmazonAccessAnalyzerRequest,
         IAmazonWebServiceRequest

The CheckNoPublicAccessRequest type exposes the following members.

Constructors

Properties

Name    Type    Description

PolicyDocument    System.String

Gets and sets the property PolicyDocument.

The JSON policy document to evaluate for public access.

ResourceType    Amazon.AccessAnalyzer.AccessCheckResourceType

Gets and sets the property ResourceType.

The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for the resource type.

For resource types not supported as valid values, IAM Access Analyzer will return an error.

Examples

Passing check. S3 Bucket policy without public access.


using System.Collections.Generic;
using Amazon.AccessAnalyzer;
using Amazon.AccessAnalyzer.Model;

// Ask whether the policy grants the listed action (s3:PutObject).
var client = new AmazonAccessAnalyzerClient();
var response = client.CheckAccessNotGranted(new CheckAccessNotGrantedRequest
{
    Access = new List<Access> {
        new Access { Actions = new List<string> {
            "s3:PutObject"
        } }
    },
    PolicyDocument = "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}",
    PolicyType = "RESOURCE_POLICY"
});

// Outcome of the check and the accompanying message.
string message = response.Message;
string result = response.Result;

            

Failing check. S3 Bucket policy with public access.


using System.Collections.Generic;
using Amazon.AccessAnalyzer;
using Amazon.AccessAnalyzer.Model;

// Ask whether the policy grants access to the listed resource.
var client = new AmazonAccessAnalyzerClient();
var response = client.CheckAccessNotGranted(new CheckAccessNotGrantedRequest
{
    Access = new List<Access> {
        new Access { Resources = new List<string> {
            "arn:aws:s3:::sensitive-bucket/*"
        } }
    },
    PolicyDocument = "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}",
    PolicyType = "RESOURCE_POLICY"
});

// Outcome of the check and the accompanying message.
string message = response.Message;
string result = response.Result;
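
The examples listed above call CheckAccessNotGranted. As an added example (not from the AWS documentation), the following shows a CheckNoPublicAccess call built from the PolicyDocument and ResourceType properties described on this page, used as a fail-closed check before a bucket policy is applied. The class name PublicAccessGate, the method IsNotPublicAsync, the bucket name example-bucket and both policy documents are constructed for illustration; default credentials and region are assumed.

```csharp
using System;
using System.Threading.Tasks;
using Amazon.AccessAnalyzer;
using Amazon.AccessAnalyzer.Model;

public static class PublicAccessGate
{
    // Constructed sample policies for a placeholder bucket (not from the AWS documentation):
    // one scoped to a single IAM principal, one with a wildcard principal.
    const string ScopedPolicy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::example-bucket/*\"}]}";
    const string WildcardPolicy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::example-bucket/*\"}]}";

    // Returns true only when the service reports PASS. A FAIL result returns false,
    // and service errors (for example an unsupported resource type) propagate as
    // exceptions, so a policy is never treated as safe by default.
    public static async Task<bool> IsNotPublicAsync(IAmazonAccessAnalyzer client, string policyJson)
    {
        var response = await client.CheckNoPublicAccessAsync(new CheckNoPublicAccessRequest
        {
            PolicyDocument = policyJson,
            ResourceType = "AWS::S3::Bucket" // string converts to AccessCheckResourceType
        });

        Console.WriteLine($"{response.Result}: {response.Message}");
        if (response.Reasons != null)
        {
            // Each reason names the statement that led to the result.
            foreach (var reason in response.Reasons)
                Console.WriteLine($"  statement {reason.StatementId}: {reason.Description}");
        }
        return response.Result?.Value == "PASS";
    }

    public static async Task Main()
    {
        using var client = new AmazonAccessAnalyzerClient(); // default credentials and region
        foreach (var policy in new[] { ScopedPolicy, WildcardPolicy })
        {
            bool notPublic = await IsNotPublicAsync(client, policy);
            Console.WriteLine(notPublic
                ? "no public access reported; policy can be applied"
                : "blocked: policy can grant public access");
        }
    }
}
```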

            

Version Information

.NET:
Supported in: 8.0 and newer, Core 3.1

.NET Standard:
Supported in: 2.0

.NET Framework:
Supported in: 4.5 and newer, 3.5