com.amazonaws.services.accessanalyzer

Class AWSAccessAnalyzerClient

java.lang.Object

com.amazonaws.AmazonWebServiceClient

com.amazonaws.services.accessanalyzer.AWSAccessAnalyzerClient

All Implemented Interfaces:

AWSAccessAnalyzer

Direct Known Subclasses:

AWSAccessAnalyzerAsyncClient

@ThreadSafe
 @Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class AWSAccessAnalyzerClient
extends AmazonWebServiceClient
implements AWSAccessAnalyzer

Client for accessing Access Analyzer. All service calls made using this client are blocking, and will not return until the service call completes.

Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.

External access analyzers help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.

Unused access analyzers help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.

Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs.

This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Identity and Access Management Access Analyzer in the IAM User Guide.

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceClient

LOGGING_AWS_REQUEST_METRIC

Fields inherited from interface com.amazonaws.services.accessanalyzer.AWSAccessAnalyzer

ENDPOINT_PREFIX

Method Summary

Modifier and Type	Method and Description
ApplyArchiveRuleResult	applyArchiveRule(ApplyArchiveRuleRequest request) Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
static AWSAccessAnalyzerClientBuilder	builder()
CancelPolicyGenerationResult	cancelPolicyGeneration(CancelPolicyGenerationRequest request) Cancels the requested policy generation.
CheckAccessNotGrantedResult	checkAccessNotGranted(CheckAccessNotGrantedRequest request) Checks whether the specified access isn't allowed by a policy.
CheckNoNewAccessResult	checkNoNewAccess(CheckNoNewAccessRequest request) Checks whether new access is allowed for an updated policy when compared to the existing policy.
CheckNoPublicAccessResult	checkNoPublicAccess(CheckNoPublicAccessRequest request) Checks whether a resource policy can grant public access to the specified resource type.
CreateAccessPreviewResult	createAccessPreview(CreateAccessPreviewRequest request) Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
CreateAnalyzerResult	createAnalyzer(CreateAnalyzerRequest request) Creates an analyzer for your account.
CreateArchiveRuleResult	createArchiveRule(CreateArchiveRuleRequest request) Creates an archive rule for the specified analyzer.
DeleteAnalyzerResult	deleteAnalyzer(DeleteAnalyzerRequest request) Deletes the specified analyzer.
DeleteArchiveRuleResult	deleteArchiveRule(DeleteArchiveRuleRequest request) Deletes the specified archive rule.
GenerateFindingRecommendationResult	generateFindingRecommendation(GenerateFindingRecommendationRequest request) Creates a recommendation for an unused permissions finding.
GetAccessPreviewResult	getAccessPreview(GetAccessPreviewRequest request) Retrieves information about an access preview for the specified analyzer.
GetAnalyzedResourceResult	getAnalyzedResource(GetAnalyzedResourceRequest request) Retrieves information about a resource that was analyzed.
GetAnalyzerResult	getAnalyzer(GetAnalyzerRequest request) Retrieves information about the specified analyzer.
GetArchiveRuleResult	getArchiveRule(GetArchiveRuleRequest request) Retrieves information about an archive rule.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetFindingResult	getFinding(GetFindingRequest request) Retrieves information about the specified finding.
GetFindingRecommendationResult	getFindingRecommendation(GetFindingRecommendationRequest request) Retrieves information about a finding recommendation for the specified analyzer.
GetFindingV2Result	getFindingV2(GetFindingV2Request request) Retrieves information about the specified finding.
GetGeneratedPolicyResult	getGeneratedPolicy(GetGeneratedPolicyRequest request) Retrieves the policy that was generated using StartPolicyGeneration.
ListAccessPreviewFindingsResult	listAccessPreviewFindings(ListAccessPreviewFindingsRequest request) Retrieves a list of access preview findings generated by the specified access preview.
ListAccessPreviewsResult	listAccessPreviews(ListAccessPreviewsRequest request) Retrieves a list of access previews for the specified analyzer.
ListAnalyzedResourcesResult	listAnalyzedResources(ListAnalyzedResourcesRequest request) Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer.
ListAnalyzersResult	listAnalyzers(ListAnalyzersRequest request) Retrieves a list of analyzers.
ListArchiveRulesResult	listArchiveRules(ListArchiveRulesRequest request) Retrieves a list of archive rules created for the specified analyzer.
ListFindingsResult	listFindings(ListFindingsRequest request) Retrieves a list of findings generated by the specified analyzer.
ListFindingsV2Result	listFindingsV2(ListFindingsV2Request request) Retrieves a list of findings generated by the specified analyzer.
ListPolicyGenerationsResult	listPolicyGenerations(ListPolicyGenerationsRequest request) Lists all of the policy generations requested in the last seven days.
ListTagsForResourceResult	listTagsForResource(ListTagsForResourceRequest request) Retrieves a list of tags applied to the specified resource.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
StartPolicyGenerationResult	startPolicyGeneration(StartPolicyGenerationRequest request) Starts the policy generation request.
StartResourceScanResult	startResourceScan(StartResourceScanRequest request) Immediately starts a scan of the policies applied to the specified resource.
TagResourceResult	tagResource(TagResourceRequest request) Adds a tag to the specified resource.
UntagResourceResult	untagResource(UntagResourceRequest request) Removes a tag from the specified resource.
UpdateArchiveRuleResult	updateArchiveRule(UpdateArchiveRuleRequest request) Updates the criteria and values for the specified archive rule.
UpdateFindingsResult	updateFindings(UpdateFindingsRequest request) Updates the status for the specified findings.
ValidatePolicyResult	validatePolicy(ValidatePolicyRequest request) Requests the validation of a policy and returns a list of findings.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, configureRegion, getClientConfiguration, getEndpointPrefix, getMonitoringListeners, getRequestMetricsCollector, getServiceName, getSignerByURI, getSignerOverride, getSignerRegionOverride, getTimeOffset, makeImmutable, removeRequestHandler, removeRequestHandler, setEndpoint, setEndpoint, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, withEndpoint, withRegion, withRegion, withTimeOffset

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static AWSAccessAnalyzerClientBuilder builder()

applyArchiveRule

public ApplyArchiveRuleResult applyArchiveRule(ApplyArchiveRuleRequest request)

Retroactively applies the archive rule to existing findings that meet the archive rule criteria.

Specified by:

applyArchiveRule in interface AWSAccessAnalyzer

Parameters:

applyArchiveRuleRequest - Retroactively applies an archive rule.

Returns:

Result of the ApplyArchiveRule operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

cancelPolicyGeneration

public CancelPolicyGenerationResult cancelPolicyGeneration(CancelPolicyGenerationRequest request)

Cancels the requested policy generation.

Specified by:

cancelPolicyGeneration in interface AWSAccessAnalyzer

Parameters:

cancelPolicyGenerationRequest -

Returns:

Result of the CancelPolicyGeneration operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

checkAccessNotGranted

public CheckAccessNotGrantedResult checkAccessNotGranted(CheckAccessNotGrantedRequest request)

Checks whether the specified access isn't allowed by a policy.

Specified by:

checkAccessNotGranted in interface AWSAccessAnalyzer

Parameters:

checkAccessNotGrantedRequest -

Returns:

Result of the CheckAccessNotGranted operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

InvalidParameterException - The specified parameter is invalid.

UnprocessableEntityException - The specified entity could not be processed.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

checkNoNewAccess

public CheckNoNewAccessResult checkNoNewAccess(CheckNoNewAccessRequest request)

Checks whether new access is allowed for an updated policy when compared to the existing policy.

You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.

Specified by:

checkNoNewAccess in interface AWSAccessAnalyzer

Parameters:

checkNoNewAccessRequest -

Returns:

Result of the CheckNoNewAccess operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

InvalidParameterException - The specified parameter is invalid.

UnprocessableEntityException - The specified entity could not be processed.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

checkNoPublicAccess

public CheckNoPublicAccessResult checkNoPublicAccess(CheckNoPublicAccessRequest request)

Checks whether a resource policy can grant public access to the specified resource type.

Specified by:

checkNoPublicAccess in interface AWSAccessAnalyzer

Parameters:

checkNoPublicAccessRequest -

Returns:

Result of the CheckNoPublicAccess operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

InvalidParameterException - The specified parameter is invalid.

UnprocessableEntityException - The specified entity could not be processed.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

createAccessPreview

public CreateAccessPreviewResult createAccessPreview(CreateAccessPreviewRequest request)

Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.

Specified by:

createAccessPreview in interface AWSAccessAnalyzer

Parameters:

createAccessPreviewRequest -

Returns:

Result of the CreateAccessPreview operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ConflictException - A conflict exception error.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ServiceQuotaExceededException - Service quote met error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

createAnalyzer

public CreateAnalyzerResult createAnalyzer(CreateAnalyzerRequest request)

Creates an analyzer for your account.

Specified by:

createAnalyzer in interface AWSAccessAnalyzer

Parameters:

createAnalyzerRequest - Creates an analyzer.

Returns:

Result of the CreateAnalyzer operation returned by the service.

Throws:

ConflictException - A conflict exception error.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ServiceQuotaExceededException - Service quote met error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

createArchiveRule

public CreateArchiveRuleResult createArchiveRule(CreateArchiveRuleRequest request)

Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

Specified by:

createArchiveRule in interface AWSAccessAnalyzer

Parameters:

createArchiveRuleRequest - Creates an archive rule.

Returns:

Result of the CreateArchiveRule operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ConflictException - A conflict exception error.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ServiceQuotaExceededException - Service quote met error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

deleteAnalyzer

public DeleteAnalyzerResult deleteAnalyzer(DeleteAnalyzerRequest request)

Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.

Specified by:

deleteAnalyzer in interface AWSAccessAnalyzer

Parameters:

deleteAnalyzerRequest - Deletes an analyzer.

Returns:

Result of the DeleteAnalyzer operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

deleteArchiveRule

public DeleteArchiveRuleResult deleteArchiveRule(DeleteArchiveRuleRequest request)

Deletes the specified archive rule.

Specified by:

deleteArchiveRule in interface AWSAccessAnalyzer

Parameters:

deleteArchiveRuleRequest - Deletes an archive rule.

Returns:

Result of the DeleteArchiveRule operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

generateFindingRecommendation

public GenerateFindingRecommendationResult generateFindingRecommendation(GenerateFindingRecommendationRequest request)

Creates a recommendation for an unused permissions finding.

Specified by:

generateFindingRecommendation in interface AWSAccessAnalyzer

Parameters:

generateFindingRecommendationRequest -

Returns:

Result of the GenerateFindingRecommendation operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getAccessPreview

public GetAccessPreviewResult getAccessPreview(GetAccessPreviewRequest request)

Retrieves information about an access preview for the specified analyzer.

Specified by:

getAccessPreview in interface AWSAccessAnalyzer

Parameters:

getAccessPreviewRequest -

Returns:

Result of the GetAccessPreview operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getAnalyzedResource

public GetAnalyzedResourceResult getAnalyzedResource(GetAnalyzedResourceRequest request)

Retrieves information about a resource that was analyzed.

Specified by:

getAnalyzedResource in interface AWSAccessAnalyzer

Parameters:

getAnalyzedResourceRequest - Retrieves an analyzed resource.

Returns:

Result of the GetAnalyzedResource operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getAnalyzer

public GetAnalyzerResult getAnalyzer(GetAnalyzerRequest request)

Retrieves information about the specified analyzer.

Specified by:

getAnalyzer in interface AWSAccessAnalyzer

Parameters:

getAnalyzerRequest - Retrieves an analyzer.

Returns:

Result of the GetAnalyzer operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getArchiveRule

public GetArchiveRuleResult getArchiveRule(GetArchiveRuleRequest request)

Retrieves information about an archive rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

Specified by:

getArchiveRule in interface AWSAccessAnalyzer

Parameters:

getArchiveRuleRequest - Retrieves an archive rule.

Returns:

Result of the GetArchiveRule operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getFinding

public GetFindingResult getFinding(GetFindingRequest request)

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

Specified by:

getFinding in interface AWSAccessAnalyzer

Parameters:

getFindingRequest - Retrieves a finding.

Returns:

Result of the GetFinding operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getFindingRecommendation

public GetFindingRecommendationResult getFindingRecommendation(GetFindingRecommendationRequest request)

Retrieves information about a finding recommendation for the specified analyzer.

Specified by:

getFindingRecommendation in interface AWSAccessAnalyzer

Parameters:

getFindingRecommendationRequest -

Returns:

Result of the GetFindingRecommendation operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getFindingV2

public GetFindingV2Result getFindingV2(GetFindingV2Request request)

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

Specified by:

getFindingV2 in interface AWSAccessAnalyzer

Parameters:

getFindingV2Request -

Returns:

Result of the GetFindingV2 operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getGeneratedPolicy

public GetGeneratedPolicyResult getGeneratedPolicy(GetGeneratedPolicyRequest request)

Retrieves the policy that was generated using StartPolicyGeneration.

Specified by:

getGeneratedPolicy in interface AWSAccessAnalyzer

Parameters:

getGeneratedPolicyRequest -

Returns:

Result of the GetGeneratedPolicy operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccessPreviewFindings

public ListAccessPreviewFindingsResult listAccessPreviewFindings(ListAccessPreviewFindingsRequest request)

Retrieves a list of access preview findings generated by the specified access preview.

Specified by:

listAccessPreviewFindings in interface AWSAccessAnalyzer

Parameters:

listAccessPreviewFindingsRequest -

Returns:

Result of the ListAccessPreviewFindings operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ConflictException - A conflict exception error.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccessPreviews

public ListAccessPreviewsResult listAccessPreviews(ListAccessPreviewsRequest request)

Retrieves a list of access previews for the specified analyzer.

Specified by:

listAccessPreviews in interface AWSAccessAnalyzer

Parameters:

listAccessPreviewsRequest -

Returns:

Result of the ListAccessPreviews operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAnalyzedResources

public ListAnalyzedResourcesResult listAnalyzedResources(ListAnalyzedResourcesRequest request)

Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer. This action is not supported for unused access analyzers.

Specified by:

listAnalyzedResources in interface AWSAccessAnalyzer

Parameters:

listAnalyzedResourcesRequest - Retrieves a list of resources that have been analyzed.

Returns:

Result of the ListAnalyzedResources operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAnalyzers

public ListAnalyzersResult listAnalyzers(ListAnalyzersRequest request)

Retrieves a list of analyzers.

Specified by:

listAnalyzers in interface AWSAccessAnalyzer

Parameters:

listAnalyzersRequest - Retrieves a list of analyzers.

Returns:

Result of the ListAnalyzers operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listArchiveRules

public ListArchiveRulesResult listArchiveRules(ListArchiveRulesRequest request)

Retrieves a list of archive rules created for the specified analyzer.

Specified by:

listArchiveRules in interface AWSAccessAnalyzer

Parameters:

listArchiveRulesRequest - Retrieves a list of archive rules created for the specified analyzer.

Returns:

Result of the ListArchiveRules operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listFindings

public ListFindingsResult listFindings(ListFindingsRequest request)

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

Specified by:

listFindings in interface AWSAccessAnalyzer

Parameters:

listFindingsRequest - Retrieves a list of findings generated by the specified analyzer.

Returns:

Result of the ListFindings operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listFindingsV2

public ListFindingsV2Result listFindingsV2(ListFindingsV2Request request)

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

Specified by:

listFindingsV2 in interface AWSAccessAnalyzer

Parameters:

listFindingsV2Request -

Returns:

Result of the ListFindingsV2 operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPolicyGenerations

public ListPolicyGenerationsResult listPolicyGenerations(ListPolicyGenerationsRequest request)

Lists all of the policy generations requested in the last seven days.

Specified by:

listPolicyGenerations in interface AWSAccessAnalyzer

Parameters:

listPolicyGenerationsRequest -

Returns:

Result of the ListPolicyGenerations operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listTagsForResource

public ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest request)

Retrieves a list of tags applied to the specified resource.

Specified by:

listTagsForResource in interface AWSAccessAnalyzer

Parameters:

listTagsForResourceRequest - Retrieves a list of tags applied to the specified resource.

Returns:

Result of the ListTagsForResource operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

startPolicyGeneration

public StartPolicyGenerationResult startPolicyGeneration(StartPolicyGenerationRequest request)

Starts the policy generation request.

Specified by:

startPolicyGeneration in interface AWSAccessAnalyzer

Parameters:

startPolicyGenerationRequest -

Returns:

Result of the StartPolicyGeneration operation returned by the service.

Throws:

ConflictException - A conflict exception error.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ServiceQuotaExceededException - Service quote met error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

startResourceScan

public StartResourceScanResult startResourceScan(StartResourceScanRequest request)

Immediately starts a scan of the policies applied to the specified resource.

Specified by:

startResourceScan in interface AWSAccessAnalyzer

Parameters:

startResourceScanRequest - Starts a scan of the policies applied to the specified resource.

Returns:

Result of the StartResourceScan operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

tagResource

public TagResourceResult tagResource(TagResourceRequest request)

Adds a tag to the specified resource.

Specified by:

tagResource in interface AWSAccessAnalyzer

Parameters:

tagResourceRequest - Adds a tag to the specified resource.

Returns:

Result of the TagResource operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

untagResource

public UntagResourceResult untagResource(UntagResourceRequest request)

Removes a tag from the specified resource.

Specified by:

untagResource in interface AWSAccessAnalyzer

Parameters:

untagResourceRequest - Removes a tag from the specified resource.

Returns:

Result of the UntagResource operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

updateArchiveRule

public UpdateArchiveRuleResult updateArchiveRule(UpdateArchiveRuleRequest request)

Updates the criteria and values for the specified archive rule.

Specified by:

updateArchiveRule in interface AWSAccessAnalyzer

Parameters:

updateArchiveRuleRequest - Updates the specified archive rule.

Returns:

Result of the UpdateArchiveRule operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

updateFindings

public UpdateFindingsResult updateFindings(UpdateFindingsRequest request)

Updates the status for the specified findings.

Specified by:

updateFindings in interface AWSAccessAnalyzer

Parameters:

updateFindingsRequest - Updates findings with the new values provided in the request.

Returns:

Result of the UpdateFindings operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource could not be found.

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

validatePolicy

public ValidatePolicyResult validatePolicy(ValidatePolicyRequest request)

Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.

Specified by:

validatePolicy in interface AWSAccessAnalyzer

Parameters:

validatePolicyRequest -

Returns:

Result of the ValidatePolicy operation returned by the service.

Throws:

ValidationException - Validation exception error.

InternalServerException - Internal server error.

ThrottlingException - Throttling limit exceeded error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSAccessAnalyzer

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.

shutdown

public void shutdown()

Description copied from class: AmazonWebServiceClient

Shuts down this client object, releasing any resources that might be held open. If this method is not invoked, resources may be leaked. Once a client has been shutdown, it should not be used to make any more requests.

Specified by:

shutdown in interface AWSAccessAnalyzer

Overrides:

shutdown in class AmazonWebServiceClient