URI Request Parameters
The request uses the following URI parameters.
analyzerName (p. 14)
The name of the created analyzer.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
Request Body
The request accepts the following data in JSON format.
clientToken (p. 14)
A client token.
Type: String
Required: No
filter (p. 14)
The criteria for the rule.
Type: String to Criterion (p. 100) object map
Required: Yes
ruleName (p. 14)
The name of the rule to create.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
ConflictException
A conflict exception error.
HTTP Status Code: 409
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ServiceQuotaExceededException
Service quota met error.
HTTP Status Code: 402
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteAnalyzer
Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
Request Syntax
DELETE /analyzer/analyzerName?clientToken=clientToken HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
analyzerName (p. 17)
The name of the analyzer to delete.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
clientToken (p. 17)
A client token.
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteArchiveRule
Deletes the specified archive rule.
Request Syntax
DELETE /analyzer/analyzerName/archive-rule/ruleName?clientToken=clientToken HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
analyzerName (p. 19)
The name of the analyzer that is associated with the archive rule to delete.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
clientToken (p. 19)
A client token.
ruleName (p. 19)
The name of the rule to delete.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
GetAccessPreview
Retrieves information about an access preview for the specified analyzer.
Request Syntax
GET /access-preview/accessPreviewId?analyzerArn=analyzerArn HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
accessPreviewId (p. 21)
The unique ID for the access preview.
Pattern: [a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}
Required: Yes
analyzerArn (p. 21)
The ARN of the analyzer used to generate the access preview.
Pattern: [^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}
Required: Yes
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"accessPreview": {
"analyzerArn": "string",
"configurations": {
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
accessPreview (p. 21)
An object that contains information about the access preview.
Type: AccessPreview (p. 82) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
GetAnalyzedResource
Retrieves information about a resource that was analyzed.
Request Syntax
GET /analyzed-resource?analyzerArn=analyzerArn&resourceArn=resourceArn HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
analyzerArn (p. 24)
The ARN of the analyzer to retrieve information from.
Pattern: [^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}
Required: Yes
resourceArn (p. 24)
The ARN of the resource to retrieve information about.
Pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.*
Required: Yes
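As an added example (not code from the API reference or from the AWS SDKs), the following Python checks request parameters client-side against the constraints documented above for analyzerName and ruleName (length 1 to 255, pattern [A-Za-z][A-Za-z0-9_.-]*), accessPreviewId (lowercase UUID pattern), analyzerArn and resourceArn, and then builds the DeleteArchiveRule request line (DELETE /analyzer/analyzerName/archive-rule/ruleName?clientToken=clientToken) only from parts that pass. Rejecting malformed values before they are sent turns a ValidationException (400) into a local error with a clear message. The function names and the sample values in the test are assumptions of this example.

```python
import re
from urllib.parse import quote

# Constraints copied from the API reference: analyzerName and ruleName share a
# pattern and a 1..255 length limit; accessPreviewId is a lowercase UUID;
# analyzerArn and resourceArn have their own documented patterns.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*")
NAME_MIN_LEN, NAME_MAX_LEN = 1, 255
ACCESS_PREVIEW_ID_RE = re.compile(
    r"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}")
ANALYZER_ARN_RE = re.compile(r"[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}")
RESOURCE_ARN_RE = re.compile(r"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*")


def _matches(pattern, value):
    # fullmatch, not search: the whole value must satisfy the documented pattern
    return isinstance(value, str) and pattern.fullmatch(value) is not None


def is_valid_name(value):
    """analyzerName / ruleName: documented pattern plus length constraints."""
    return (isinstance(value, str)
            and NAME_MIN_LEN <= len(value) <= NAME_MAX_LEN
            and _matches(NAME_RE, value))


def is_valid_access_preview_id(value):
    return _matches(ACCESS_PREVIEW_ID_RE, value)


def is_valid_analyzer_arn(value):
    return _matches(ANALYZER_ARN_RE, value)


def is_valid_resource_arn(value):
    return _matches(RESOURCE_ARN_RE, value)


def delete_archive_rule_request(analyzer_name, rule_name, client_token=None):
    """Build the DeleteArchiveRule request line (hypothetical helper), refusing
    inputs that violate the documented constraints before anything is sent.
    Returns the request line as a string."""
    if not is_valid_name(analyzer_name):
        raise ValueError("analyzerName violates documented constraints: %r" % analyzer_name)
    if not is_valid_name(rule_name):
        raise ValueError("ruleName violates documented constraints: %r" % rule_name)
    path = "/analyzer/%s/archive-rule/%s" % (
        quote(analyzer_name, safe=""), quote(rule_name, safe=""))
    if client_token is not None:
        path += "?clientToken=" + quote(client_token, safe="")
    return "DELETE %s HTTP/1.1" % path


if __name__ == "__main__":
    # constructed sample names, not real resources
    print(delete_archive_rule_request("prod-analyzer", "ignore-ci-role", "tok-1"))
```

The name pattern only admits letters, digits, `_`, `.` and `-`, so percent-encoding the path segments is a belt-and-braces measure; the ARN patterns are deliberately loose (they only pin the `analyzer/` segment), so the check catches wrong-shaped input rather than guaranteeing the ARN exists.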
Request Body
The request does not have a request body.
Response Syntax
"resourceArn": "string",
"resourceOwnerAccount": "string",
"resourceType": "string",
"sharedVia": [ "string" ],
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
resource (p. 24)
An AnalyzedResource object that contains information that IAM Access Analyzer found when it analyzed the resource.
Type: AnalyzedResource (p. 91) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
GetAnalyzer
Retrieves information about the specified analyzer.
Request Syntax
GET /analyzer/analyzerName HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
analyzerName (p. 26)
The name of the analyzer retrieved.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
Request Body
The request does not have a request body.
Response Syntax
"lastResourceAnalyzed": "string",
"lastResourceAnalyzedAt": number,
"name": "string",
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
analyzer (p. 26)
An AnalyzerSummary object that contains information about the analyzer.
Type: AnalyzerSummary (p. 94) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
GetArchiveRule
Retrieves information about an archive rule.
To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
Request Syntax
GET /analyzer/analyzerName/archive-rule/ruleName HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
analyzerName (p. 28)
The name of the analyzer to retrieve rules from.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
ruleName (p. 28)
The name of the rule to retrieve.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: [A-Za-z][A-Za-z0-9_.-]*
Required: Yes
Request Body
The request does not have a request body.
Response Syntax
"updatedAt": number
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
archiveRule (p. 28)
Contains information about an archive rule.
Type: ArchiveRuleSummary (p. 96) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
GetFinding
Retrieves information about the specified finding.
Request Syntax
GET /finding/id?analyzerArn=analyzerArn HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
analyzerArn (p. 31)
The ARN of the analyzer that generated the finding.
Pattern: [^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}
Required: Yes
id (p. 31)
The ID of the finding to retrieve.
Required: Yes
Request Body
The request does not have a request body.
Response Syntax
"resourceOwnerAccount": "string", "resourceType": "string",
"sources": [ {
"detail": {
"accessPointArn": "string"
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
finding (p. 31)
A finding object that contains finding details.
Type: Finding (p. 101) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
GetGeneratedPolicy
Retrieves the policy that was generated using StartPolicyGeneration.
Request Syntax
GET /policy/generation/jobId?includeResourcePlaceholders=includeResourcePlaceholders&includeServiceLevelTemplate=includeServiceLevelTemplate HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
includeResourcePlaceholders (p. 34)
The level of detail that you want to generate. You can specify whether to generate policies with placeholders for resource ARNs for actions that support resource level granularity in policies.
For example, in the resource section of a policy, you can receive a placeholder such as
"Resource":"arn:aws:s3:::${BucketName}" instead of "*".
includeServiceLevelTemplate (p. 34)
The level of detail that you want to generate. You can specify whether to generate service-level policies.
IAM Access Analyzer uses iam:servicelastaccessed to identify services that have been used recently to create this service-level template.
jobId (p. 34)
The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.
Required: Yes
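The includeResourcePlaceholders description above says a generated policy can carry a placeholder such as "Resource":"arn:aws:s3:::${BucketName}" instead of "*". As an added example (not code from the API reference or from IAM Access Analyzer), the following Python takes a policy document of that shape, lists its placeholders, fills them from a mapping, and refuses to produce a policy while any placeholder is unresolved, so the fallback is a hard error rather than a quietly over-broad "*". It also reports statements whose Resource is still the bare wildcard so they can be reviewed before attaching. The sample document is constructed and shaped like, but not taken from, GetGeneratedPolicy output; the function names are assumptions of this example.

```python
import json
import re

# Placeholder form documented for includeResourcePlaceholders, e.g. ${BucketName}.
PLACEHOLDER_RE = re.compile(r"\$\{([A-Za-z0-9_]+)\}")

# Constructed sample shaped like a generated policy document; not real output
# of GetGeneratedPolicy.
SAMPLE_GENERATED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::${BucketName}/*"},
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::${BucketName}"},
        {"Effect": "Allow", "Action": ["sqs:SendMessage"], "Resource": "*"},
    ],
})


def _load(policy):
    # accept either the JSON text or an already-parsed policy dict
    return json.loads(policy) if isinstance(policy, str) else policy


def _resources(statement):
    # Resource may be a single string or a list of strings
    res = statement.get("Resource", [])
    return [res] if isinstance(res, str) else list(res)


def find_placeholders(policy):
    """Sorted, de-duplicated placeholder names across all Resource entries."""
    names = set()
    for stmt in _load(policy)["Statement"]:
        for res in _resources(stmt):
            names.update(PLACEHOLDER_RE.findall(res))
    return sorted(names)


def resolve_placeholders(policy, values):
    """Return a new policy dict with every ${Name} replaced from `values`.
    Raises KeyError naming the first unresolved placeholder, so a policy is
    never produced with a placeholder still in it."""
    policy = json.loads(json.dumps(_load(policy)))  # deep copy, leave input intact

    def subst(res):
        def repl(match):
            name = match.group(1)
            if name not in values:
                raise KeyError(name)
            return values[name]
        return PLACEHOLDER_RE.sub(repl, res)

    for stmt in policy["Statement"]:
        res = stmt.get("Resource")
        if isinstance(res, str):
            stmt["Resource"] = subst(res)
        elif isinstance(res, list):
            stmt["Resource"] = [subst(r) for r in res]
    return policy


def wildcard_statements(policy):
    """Indexes of statements whose Resource is the bare "*" wildcard, the form
    the placeholders exist to avoid; review these before attaching."""
    return [i for i, stmt in enumerate(_load(policy)["Statement"])
            if "*" in _resources(stmt)]


if __name__ == "__main__":
    print("placeholders:", find_placeholders(SAMPLE_GENERATED_POLICY))
    resolved = resolve_placeholders(SAMPLE_GENERATED_POLICY, {"BucketName": "audit-logs"})
    print("statements still on '*':", wildcard_statements(resolved))
```

The substitution walks the parsed document rather than doing text replacement on the JSON string, so a supplied value cannot break the document's structure; whether the filled-in ARN is the right one is still a review decision.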
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"generatedPolicyResult": {
"generatedPolicies": [
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
generatedPolicyResult (p. 34)
A GeneratedPolicyResult object that contains the generated policies and associated details.
Type: GeneratedPolicyResult (p. 111) object
jobDetails (p. 34)
A GeneratedPolicyDetails object that contains details about the generated policy.
Type: JobDetails (p. 115) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
ListAccessPreviewFindings
Retrieves a list of access preview findings generated by the specified access preview.
Request Syntax
POST /access-preview/accessPreviewId HTTP/1.1
Content-type: application/json
{
"analyzerArn": "string", "filter": {
"maxResults": number, "nextToken": "string"
}
URI Request Parameters
The request uses the following URI parameters.
accessPreviewId (p. 37)
The unique ID for the access preview.
Pattern: [a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}
Required: Yes
Request Body
The request accepts the following data in JSON format.
analyzerArn (p. 37)
The ARN of the analyzer used to generate the access preview.
Type: String
Pattern: [^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}
Required: Yes
filter (p. 37)
Criteria to filter the returned findings.
Type: String to Criterion (p. 100) object map
Required: No
maxResults (p. 37)
The maximum number of results to return in the response.
Type: Integer
Required: No
nextToken (p. 37)
A token used for pagination of results returned.
Type: String
Response Syntax
"existingFindingStatus": "string",
"id": "string",
"resourceOwnerAccount": "string",
"resourceType": "string",
"nextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
findings (p. 38)
A list of access preview findings that match the specified filter criteria.
Type: Array of AccessPreviewFinding (p. 84) objects
nextToken (p. 38)
A token used for pagination of results returned.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
ConflictException
A conflict exception error.
HTTP Status Code: 409
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
ListAccessPreviews
Retrieves a list of access previews for the specified analyzer.
Request Syntax
GET /access-preview?analyzerArn=analyzerArn&maxResults=maxResults&nextToken=nextToken HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
analyzerArn (p. 41)
The ARN of the analyzer used to generate the access preview.
Pattern: [^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}
Required: Yes
maxResults (p. 41)
The maximum number of results to return in the response.
nextToken (p. 41)
A token used for pagination of results returned.
Request Body
The request does not have a request body.
Response Syntax
"nextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
accessPreviews (p. 41)
A list of access previews retrieved for the analyzer.
Type: Array of AccessPreviewSummary (p. 88) objects
nextToken (p. 41)
A token used for pagination of results returned.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
ListAnalyzedResources
Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.
Request Syntax
POST /analyzed-resource HTTP/1.1
Content-type: application/json
{
"analyzerArn": "string",
"maxResults": number,
"nextToken": "string",
"resourceType": "string"
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
analyzerArn (p. 44)
The ARN of the analyzer to retrieve a list of analyzed resources from.
Type: String
Pattern: [^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}
Required: Yes
maxResults (p. 44)
The maximum number of results to return in the response.
Type: Integer
Required: No
nextToken (p. 44)
A token used for pagination of results returned.
Type: String
Required: No
resourceType (p. 44)
The type of resource.
Type: String
Valid Values: AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue | AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key | AWS::SecretsManager::Secret
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"analyzedResources": [
{
"resourceArn": "string",
"resourceOwnerAccount": "string",
"resourceType": "string"
}
],
"nextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
analyzedResources (p. 45)
A list of resources that were analyzed.
Type: Array of AnalyzedResourceSummary (p. 93) objects
nextToken (p. 45)
A token used for pagination of results returned.
Type: String
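The List* operations above (ListAccessPreviewFindings, ListAccessPreviews and ListAnalyzedResources) all page their results with maxResults and nextToken, and every operation can answer with ThrottlingException (HTTP 429) or AccessDeniedException (HTTP 403). As an added example (not code from the API reference or from the AWS SDKs), the following Python drives ListAnalyzedResources-shaped calls against a constructed stand-in for the service: it keeps requesting until nextToken is absent, so an inventory never silently stops at the first page, retries only throttling with exponential backoff, lets a 403 fail fast, and rejects a resourceType outside the documented Valid Values. The FakeAccessAnalyzer class, the helper names, the analyzer ARN and the sample resources are assumptions of this example, not real service behaviour or data.

```python
import time

# Valid resourceType values as listed for ListAnalyzedResources.
VALID_RESOURCE_TYPES = (
    "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue",
    "AWS::Lambda::Function", "AWS::Lambda::LayerVersion",
    "AWS::KMS::Key", "AWS::SecretsManager::Secret",
)


class ThrottlingException(Exception):
    """HTTP 429: transient, safe to retry with backoff."""


class AccessDeniedException(Exception):
    """HTTP 403: a permissions problem; retrying will not help."""


class FakeAccessAnalyzer:
    """Constructed stand-in for the service (hypothetical, not the real API):
    serves a fixed list of AnalyzedResourceSummary-shaped dicts in pages of
    maxResults, using the next offset as the opaque nextToken, and can
    simulate throttling or denial so the client logic can be exercised."""

    def __init__(self, resources, throttle_first=0, deny=False):
        self.resources = resources
        self.throttles_left = throttle_first
        self.deny = deny
        self.calls = 0

    def list_analyzed_resources(self, analyzerArn, resourceType, maxResults=None, nextToken=None):
        self.calls += 1
        if self.deny:
            raise AccessDeniedException("You do not have sufficient access to perform this action.")
        if self.throttles_left > 0:
            self.throttles_left -= 1
            raise ThrottlingException("Throttling limit exceeded error.")
        items = [r for r in self.resources if r["resourceType"] == resourceType]
        start = int(nextToken) if nextToken else 0
        page = items[start:start + (maxResults or 100)]
        response = {"analyzedResources": page}
        if start + len(page) < len(items):
            response["nextToken"] = str(start + len(page))  # more pages remain
        return response


RETRYABLE = (ThrottlingException,)


def call_with_backoff(fn, max_attempts=5, base_delay=0.05, sleep=time.sleep):
    """Retry only throttling (429) with exponential backoff; other errors such
    as AccessDenied (403) or Validation (400) propagate immediately."""
    for attempt in range(max_attempts):
        try:
            return fn()
        except RETRYABLE:
            if attempt == max_attempts - 1:
                raise
            sleep(base_delay * (2 ** attempt))


def list_all_analyzed_resources(client, analyzer_arn, resource_type, page_size=50, sleep=time.sleep):
    """Follow nextToken until it is absent and return every analyzed resource."""
    if resource_type not in VALID_RESOURCE_TYPES:
        raise ValueError("unsupported resourceType: %s" % resource_type)
    collected, token = [], None
    while True:
        # the default argument binds the current token before the retry loop runs
        response = call_with_backoff(
            lambda tok=token: client.list_analyzed_resources(
                analyzerArn=analyzer_arn, resourceType=resource_type,
                maxResults=page_size, nextToken=tok),
            sleep=sleep)
        collected.extend(response["analyzedResources"])
        token = response.get("nextToken")
        if not token:
            return collected


# Constructed sample inventory (not real analyzer output).
SAMPLE_ANALYZER_ARN = "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/prod"
SAMPLE_RESOURCES = [
    {"resourceArn": "arn:aws:s3:::bucket-%d" % i,
     "resourceOwnerAccount": "111122223333", "resourceType": "AWS::S3::Bucket"}
    for i in range(5)
] + [{"resourceArn": "arn:aws:iam::111122223333:role/ci",
      "resourceOwnerAccount": "111122223333", "resourceType": "AWS::IAM::Role"}]


if __name__ == "__main__":
    client = FakeAccessAnalyzer(SAMPLE_RESOURCES, throttle_first=2)
    buckets = list_all_analyzed_resources(
        client, SAMPLE_ANALYZER_ARN, "AWS::S3::Bucket", page_size=2, sleep=lambda s: None)
    print("%d buckets collected in %d calls" % (len(buckets), client.calls))
```

With page_size=2 and two simulated throttles, the five buckets come back over three successful pages after two retried attempts, five calls in all; the denied client fails on its first call without any retry. The same loop shape applies to the other List* operations, since they use the same maxResults/nextToken contract.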
Errors
For information about the errors that are common to all actions, see Common Errors (p. 147).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
InternalServerException
Internal server error.
HTTP Status Code: 500
ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404
ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
ValidationException
Validation exception error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
ListAnalyzers
Retrieves a list of analyzers.
Request Syntax
GET /analyzer?maxResults=maxResults&nextToken=nextToken&type=type HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
maxResults (p. 47)
The maximum number of results to return in the response.
nextToken (p. 47)
A token used for pagination of results returned.
type (p. 47)
The type of analyzer.