81
Access Analyzer API Reference API Version 2019-11-01
Access AnalyzerAPI Reference
API Version 2019-11-01
Access Analyzer API Reference
Access Analyzer: API ReferenceCopyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.
Access Analyzer API Reference
Table of ContentsWelcome .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Actions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
ApplyArchiveRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
CreateAnalyzer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
CreateArchiveRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
DeleteAnalyzer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
DeleteArchiveRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
GetAnalyzedResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
GetAnalyzer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
API Version 2019-11-01iii
Access Analyzer API Reference
Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
GetArchiveRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
GetFinding .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
ListAnalyzedResources .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
ListAnalyzers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
ListArchiveRules .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
ListFindings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
ListTagsForResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
API Version 2019-11-01iv
Access Analyzer API Reference
Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
StartResourceScan .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
TagResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
UntagResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
UpdateArchiveRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
UpdateFindings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Data Types .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52AnalyzedResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
AnalyzedResourceSummary .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
AnalyzerSummary .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
ArchiveRuleSummary .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Criterion .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
API Version 2019-11-01v
Access Analyzer API Reference
Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Finding .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
FindingSource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
FindingSourceDetail .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
FindingSummary .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
InlineArchiveRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
SortCriteria ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
StatusReason .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
ValidationExceptionField .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Common Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Common Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
API Version 2019-11-01vi
Access Analyzer API Reference
WelcomeAWS IAM Access Analyzer helps identify potential resource-access risks by enabling you to identifyany policies that grant access to an external principal. It does this by using logic-based reasoning toanalyze resource-based policies in your AWS environment. An external principal can be another AWSaccount, a root user, an IAM user or role, a federated user, an AWS service, or an anonymous user. Thisguide describes the AWS IAM Access Analyzer operations that you can call programmatically. For generalinformation about Access Analyzer, see AWS IAM Access Analyzer in the IAM User Guide.
To start using Access Analyzer, you first need to create an analyzer.
This document was last published on December 5, 2020.
API Version 2019-11-011
Access Analyzer API Reference
ActionsThe following actions are supported:
• ApplyArchiveRule (p. 3)• CreateAnalyzer (p. 5)• CreateArchiveRule (p. 8)• DeleteAnalyzer (p. 11)• DeleteArchiveRule (p. 13)• GetAnalyzedResource (p. 15)• GetAnalyzer (p. 17)• GetArchiveRule (p. 19)• GetFinding (p. 22)• ListAnalyzedResources (p. 25)• ListAnalyzers (p. 28)• ListArchiveRules (p. 31)• ListFindings (p. 34)• ListTagsForResource (p. 38)• StartResourceScan (p. 40)• TagResource (p. 42)• UntagResource (p. 44)• UpdateArchiveRule (p. 46)• UpdateFindings (p. 49)
API Version 2019-11-012
Access Analyzer API ReferenceApplyArchiveRule
ApplyArchiveRuleRetroactively applies the archive rule to existing findings that meet the archive rule criteria.
Request SyntaxPUT /archive-rule HTTP/1.1Content-type: application/json
{ "analyzerArn": "string", "clientToken": "string", "ruleName": "string"}
URI Request ParametersThe request does not use any URI parameters.
Request BodyThe request accepts the following data in JSON format.
analyzerArn (p. 3)
The Amazon resource name (ARN) of the analyzer.
Type: String
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: YesclientToken (p. 3)
A client token.
Type: String
Required: NoruleName (p. 3)
The name of the rule to apply.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
Response SyntaxHTTP/1.1 200
API Version 2019-11-013
Access Analyzer API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-014
Access Analyzer API ReferenceCreateAnalyzer
CreateAnalyzerCreates an analyzer for your account.
Request SyntaxPUT /analyzer HTTP/1.1Content-type: application/json
{ "analyzerName": "string", "archiveRules": [ { "filter": { "string" : { "contains": [ "string" ], "eq": [ "string" ], "exists": boolean, "neq": [ "string" ] } }, "ruleName": "string" } ], "clientToken": "string", "tags": { "string" : "string" }, "type": "string"}
URI Request ParametersThe request does not use any URI parameters.
Request BodyThe request accepts the following data in JSON format.
analyzerName (p. 5)
The name of the analyzer to create.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: YesarchiveRules (p. 5)
Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings thatmeet the criteria you define for the rule.
Type: Array of InlineArchiveRule (p. 68) objects
Required: No
API Version 2019-11-015
Access Analyzer API ReferenceResponse Syntax
clientToken (p. 5)
A client token.
Type: String
Required: Notags (p. 5)
The tags to apply to the analyzer.
Type: String to string map
Required: Notype (p. 5)
The type of analyzer to create. Only ACCOUNT and ORGANIZATION analyzers are supported. You cancreate only one analyzer per account per Region. You can create up to 5 analyzers per organizationper Region.
Type: String
Valid Values: ACCOUNT | ORGANIZATION
Required: Yes
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "arn": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
arn (p. 6)
The ARN of the analyzer that was created by the request.
Type: String
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
API Version 2019-11-016
Access Analyzer API ReferenceSee Also
HTTP Status Code: 403ConflictException
A conflict exception error.
HTTP Status Code: 409InternalServerException
Internal server error.
HTTP Status Code: 500ServiceQuotaExceededException
Service quote met error.
HTTP Status Code: 402ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-017
Access Analyzer API ReferenceCreateArchiveRule
CreateArchiveRuleCreates an archive rule for the specified analyzer. Archive rules automatically archive new findings thatmeet the criteria you define when you create the rule.
Request SyntaxPUT /analyzer/analyzerName/archive-rule HTTP/1.1Content-type: application/json
{ "clientToken": "string", "filter": { "string" : { "contains": [ "string" ], "eq": [ "string" ], "exists": boolean, "neq": [ "string" ] } }, "ruleName": "string"}
URI Request ParametersThe request uses the following URI parameters.
analyzerName (p. 8)
The name of the created analyzer.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
Request BodyThe request accepts the following data in JSON format.
clientToken (p. 8)
A client token.
Type: String
Required: No
filter (p. 8)
The criteria for the rule.
Type: String to Criterion (p. 59) object map
Required: Yes
API Version 2019-11-018
Access Analyzer API ReferenceResponse Syntax
ruleName (p. 8)
The name of the rule to create.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403ConflictException
A conflict exception error.
HTTP Status Code: 409InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ServiceQuotaExceededException
Service quote met error.
HTTP Status Code: 402ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
API Version 2019-11-019
Access Analyzer API ReferenceSee Also
ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0110
Access Analyzer API ReferenceDeleteAnalyzer
DeleteAnalyzerDeletes the specified analyzer. When you delete an analyzer, Access Analyzer is disabled for the accountor organization in the current or specific Region. All findings that were generated by the analyzer aredeleted. You cannot undo this action.
Request SyntaxDELETE /analyzer/analyzerName?clientToken=clientToken HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
analyzerName (p. 11)
The name of the analyzer to delete.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: YesclientToken (p. 11)
A client token.
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
API Version 2019-11-0111
Access Analyzer API ReferenceSee Also
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0112
Access Analyzer API ReferenceDeleteArchiveRule
DeleteArchiveRuleDeletes the specified archive rule.
Request SyntaxDELETE /analyzer/analyzerName/archive-rule/ruleName?clientToken=clientToken HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
analyzerName (p. 13)
The name of the analyzer that associated with the archive rule to delete.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: YesclientToken (p. 13)
A client token.ruleName (p. 13)
The name of the rule to delete.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
API Version 2019-11-0113
Access Analyzer API ReferenceSee Also
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0114
Access Analyzer API ReferenceGetAnalyzedResource
GetAnalyzedResourceRetrieves information about a resource that was analyzed.
Request SyntaxGET /analyzed-resource?analyzerArn=analyzerArn&resourceArn=resourceArn HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
analyzerArn (p. 15)
The ARN of the analyzer to retrieve information from.
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: YesresourceArn (p. 15)
The ARN of the resource to retrieve information about.
Pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.*$
Required: Yes
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "resource": { "actions": [ "string" ], "analyzedAt": number, "createdAt": number, "error": "string", "isPublic": boolean, "resourceArn": "string", "resourceOwnerAccount": "string", "resourceType": "string", "sharedVia": [ "string" ], "status": "string", "updatedAt": number }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
API Version 2019-11-0115
Access Analyzer API ReferenceErrors
The following data is returned in JSON format by the service.
resource (p. 15)
An AnalyedResource object that contains information that Access Analyzer found when itanalyzed the resource.
Type: AnalyzedResource (p. 53) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0116
Access Analyzer API ReferenceGetAnalyzer
GetAnalyzerRetrieves information about the specified analyzer.
Request SyntaxGET /analyzer/analyzerName HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
analyzerName (p. 17)
The name of the analyzer retrieved.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "analyzer": { "arn": "string", "createdAt": number, "lastResourceAnalyzed": "string", "lastResourceAnalyzedAt": number, "name": "string", "status": "string", "statusReason": { "code": "string" }, "tags": { "string" : "string" }, "type": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
API Version 2019-11-0117
Access Analyzer API ReferenceErrors
analyzer (p. 17)
An AnalyzerSummary object that contains information about the analyzer.
Type: AnalyzerSummary (p. 56) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0118
Access Analyzer API ReferenceGetArchiveRule
GetArchiveRuleRetrieves information about an archive rule.
To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in theIAM User Guide.
Request SyntaxGET /analyzer/analyzerName/archive-rule/ruleName HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
analyzerName (p. 19)
The name of the analyzer to retrieve rules from.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: YesruleName (p. 19)
The name of the rule to retrieve.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "archiveRule": { "createdAt": number, "filter": { "string" : { "contains": [ "string" ], "eq": [ "string" ], "exists": boolean, "neq": [ "string" ] } }, "ruleName": "string",
API Version 2019-11-0119
Access Analyzer API ReferenceResponse Elements
"updatedAt": number }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
archiveRule (p. 19)
Contains information about an archive rule.
Type: ArchiveRuleSummary (p. 58) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go
API Version 2019-11-0120
Access Analyzer API ReferenceSee Also
• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0121
Access Analyzer API ReferenceGetFinding
GetFindingRetrieves information about the specified finding.
Request SyntaxGET /finding/id?analyzerArn=analyzerArn HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
analyzerArn (p. 22)
The ARN of the analyzer that generated the finding.
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: Yesid (p. 22)
The ID of the finding to retrieve.
Required: Yes
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "finding": { "action": [ "string" ], "analyzedAt": number, "condition": { "string" : "string" }, "createdAt": number, "error": "string", "id": "string", "isPublic": boolean, "principal": { "string" : "string" }, "resource": "string", "resourceOwnerAccount": "string", "resourceType": "string", "sources": [ { "detail": { "accessPointArn": "string"
API Version 2019-11-0122
Access Analyzer API ReferenceResponse Elements
}, "type": "string" } ], "status": "string", "updatedAt": number }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
finding (p. 22)
A finding object that contains finding details.
Type: Finding (p. 60) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
API Version 2019-11-0123
Access Analyzer API ReferenceSee Also
• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0124
Access Analyzer API ReferenceListAnalyzedResources
ListAnalyzedResourcesRetrieves a list of resources of the specified type that have been analyzed by the specified analyzer..
Request SyntaxPOST /analyzed-resource HTTP/1.1Content-type: application/json
{ "analyzerArn": "string", "maxResults": number, "nextToken": "string", "resourceType": "string"}
URI Request ParametersThe request does not use any URI parameters.
Request BodyThe request accepts the following data in JSON format.
analyzerArn (p. 25)
The ARN of the analyzer to retrieve a list of analyzed resources from.
Type: String
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: YesmaxResults (p. 25)
The maximum number of results to return in the response.
Type: Integer
Required: NonextToken (p. 25)
A token used for pagination of results returned.
Type: String
Required: NoresourceType (p. 25)
The type of resource.
Type: String
Valid Values: AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue |AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key
Required: No
API Version 2019-11-0125
Access Analyzer API ReferenceResponse Syntax
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "analyzedResources": [ { "resourceArn": "string", "resourceOwnerAccount": "string", "resourceType": "string" } ], "nextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
analyzedResources (p. 26)
A list of resources that were analyzed.
Type: Array of AnalyzedResourceSummary (p. 55) objectsnextToken (p. 26)
A token used for pagination of results returned.
Type: String
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429
API Version 2019-11-0126
Access Analyzer API ReferenceSee Also
ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0127
Access Analyzer API ReferenceListAnalyzers
ListAnalyzersRetrieves a list of analyzers.
Request SyntaxGET /analyzer?maxResults=maxResults&nextToken=nextToken&type=type HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
maxResults (p. 28)
The maximum number of results to return in the response.
nextToken (p. 28)
A token used for pagination of results returned.
type (p. 28)
The type of analyzer.
Valid Values: ACCOUNT | ORGANIZATION
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "analyzers": [ { "arn": "string", "createdAt": number, "lastResourceAnalyzed": "string", "lastResourceAnalyzedAt": number, "name": "string", "status": "string", "statusReason": { "code": "string" }, "tags": { "string" : "string" }, "type": "string" } ], "nextToken": "string"}
API Version 2019-11-0128
Access Analyzer API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
analyzers (p. 28)
The analyzers retrieved.
Type: Array of AnalyzerSummary (p. 56) objectsnextToken (p. 28)
A token used for pagination of results returned.
Type: String
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
API Version 2019-11-0129
Access Analyzer API ReferenceSee Also
• AWS SDK for Ruby V3
API Version 2019-11-0130
Access Analyzer API ReferenceListArchiveRules
ListArchiveRulesRetrieves a list of archive rules created for the specified analyzer.
Request SyntaxGET /analyzer/analyzerName/archive-rule?maxResults=maxResults&nextToken=nextToken HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
analyzerName (p. 31)
The name of the analyzer to retrieve rules from.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: YesmaxResults (p. 31)
The maximum number of results to return in the request.nextToken (p. 31)
A token used for pagination of results returned.
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "archiveRules": [ { "createdAt": number, "filter": { "string" : { "contains": [ "string" ], "eq": [ "string" ], "exists": boolean, "neq": [ "string" ] } }, "ruleName": "string", "updatedAt": number } ], "nextToken": "string"}
API Version 2019-11-0131
Access Analyzer API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
archiveRules (p. 31)
A list of archive rules created for the specified analyzer.
Type: Array of ArchiveRuleSummary (p. 58) objectsnextToken (p. 31)
A token used for pagination of results returned.
Type: String
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
API Version 2019-11-0132
Access Analyzer API ReferenceSee Also
• AWS SDK for Ruby V3
API Version 2019-11-0133
Access Analyzer API ReferenceListFindings
ListFindingsRetrieves a list of findings generated by the specified analyzer.
To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in theIAM User Guide.
Request SyntaxPOST /finding HTTP/1.1Content-type: application/json
{ "analyzerArn": "string", "filter": { "string" : { "contains": [ "string" ], "eq": [ "string" ], "exists": boolean, "neq": [ "string" ] } }, "maxResults": number, "nextToken": "string", "sort": { "attributeName": "string", "orderBy": "string" }}
URI Request ParametersThe request does not use any URI parameters.
Request BodyThe request accepts the following data in JSON format.
analyzerArn (p. 34)
The ARN of the analyzer to retrieve findings from.
Type: String
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: Yesfilter (p. 34)
A filter to match for the findings to return.
Type: String to Criterion (p. 59) object map
Required: NomaxResults (p. 34)
The maximum number of results to return in the response.
API Version 2019-11-0134
Access Analyzer API ReferenceResponse Syntax
Type: Integer
Required: NonextToken (p. 34)
A token used for pagination of results returned.
Type: String
Required: Nosort (p. 34)
The sort order for the findings returned.
Type: SortCriteria (p. 69) object
Required: No
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "findings": [ { "action": [ "string" ], "analyzedAt": number, "condition": { "string" : "string" }, "createdAt": number, "error": "string", "id": "string", "isPublic": boolean, "principal": { "string" : "string" }, "resource": "string", "resourceOwnerAccount": "string", "resourceType": "string", "sources": [ { "detail": { "accessPointArn": "string" }, "type": "string" } ], "status": "string", "updatedAt": number } ], "nextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
API Version 2019-11-0135
Access Analyzer API ReferenceErrors
The following data is returned in JSON format by the service.
findings (p. 35)
A list of findings retrieved from the analyzer that match the filter criteria specified, if any.
Type: Array of FindingSummary (p. 65) objectsnextToken (p. 35)
A token used for pagination of results returned.
Type: String
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3
API Version 2019-11-0136
Access Analyzer API ReferenceSee Also
• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0137
Access Analyzer API ReferenceListTagsForResource
ListTagsForResourceRetrieves a list of tags applied to the specified resource.
Request SyntaxGET /tags/resourceArn HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
resourceArn (p. 38)
The ARN of the resource to retrieve tags from.
Required: Yes
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200Content-type: application/json
{ "tags": { "string" : "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
tags (p. 38)
The tags that are applied to the specified resource.
Type: String to string map
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
API Version 2019-11-0138
Access Analyzer API ReferenceSee Also
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0139
Access Analyzer API ReferenceStartResourceScan
StartResourceScanImmediately starts a scan of the policies applied to the specified resource.
Request SyntaxPOST /resource/scan HTTP/1.1Content-type: application/json
{ "analyzerArn": "string", "resourceArn": "string"}
URI Request ParametersThe request does not use any URI parameters.
Request BodyThe request accepts the following data in JSON format.
analyzerArn (p. 40)
The ARN of the analyzer to use to scan the policies applied to the specified resource.
Type: String
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: YesresourceArn (p. 40)
The ARN of the resource to scan.
Type: String
Pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.*$
Required: Yes
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
API Version 2019-11-0140
Access Analyzer API ReferenceSee Also
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0141
Access Analyzer API ReferenceTagResource
TagResourceAdds a tag to the specified resource.
Request SyntaxPOST /tags/resourceArn HTTP/1.1Content-type: application/json
{ "tags": { "string" : "string" }}
URI Request ParametersThe request uses the following URI parameters.
resourceArn (p. 42)
The ARN of the resource to add the tag to.
Required: Yes
Request BodyThe request accepts the following data in JSON format.
tags (p. 42)
The tags to add to the resource.
Type: String to string map
Required: Yes
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
API Version 2019-11-0142
Access Analyzer API ReferenceSee Also
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0143
Access Analyzer API ReferenceUntagResource
UntagResourceRemoves a tag from the specified resource.
Request SyntaxDELETE /tags/resourceArn?tagKeys=tagKeys HTTP/1.1
URI Request ParametersThe request uses the following URI parameters.
resourceArn (p. 44)
The ARN of the resource to remove the tag from.
Required: YestagKeys (p. 44)
The key for the tag to add.
Required: Yes
Request BodyThe request does not have a request body.
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
API Version 2019-11-0144
Access Analyzer API ReferenceSee Also
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0145
Access Analyzer API ReferenceUpdateArchiveRule
UpdateArchiveRuleUpdates the criteria and values for the specified archive rule.
Request SyntaxPUT /analyzer/analyzerName/archive-rule/ruleName HTTP/1.1Content-type: application/json
{ "clientToken": "string", "filter": { "string" : { "contains": [ "string" ], "eq": [ "string" ], "exists": boolean, "neq": [ "string" ] } }}
URI Request ParametersThe request uses the following URI parameters.
analyzerName (p. 46)
The name of the analyzer to update the archive rules for.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
ruleName (p. 46)
The name of the rule to update.
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
Request BodyThe request accepts the following data in JSON format.
clientToken (p. 46)
A client token.
Type: String
Required: No
API Version 2019-11-0146
Access Analyzer API ReferenceResponse Syntax
filter (p. 46)
A filter to match for the rules to update. Only rules that match the filter are updated.
Type: String to Criterion (p. 59) object map
Required: Yes
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++
API Version 2019-11-0147
Access Analyzer API ReferenceSee Also
• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0148
Access Analyzer API ReferenceUpdateFindings
UpdateFindingsUpdates the status for the specified findings.
Request SyntaxPUT /finding HTTP/1.1Content-type: application/json
{ "analyzerArn": "string", "clientToken": "string", "ids": [ "string" ], "resourceArn": "string", "status": "string"}
URI Request ParametersThe request does not use any URI parameters.
Request BodyThe request accepts the following data in JSON format.
analyzerArn (p. 49)
The ARN of the analyzer that generated the findings to update.
Type: String
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: YesclientToken (p. 49)
A client token.
Type: String
Required: Noids (p. 49)
The IDs of the findings to update.
Type: Array of strings
Required: NoresourceArn (p. 49)
The ARN of the resource identified in the finding.
Type: String
Pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.*$
Required: No
API Version 2019-11-0149
Access Analyzer API ReferenceResponse Syntax
status (p. 49)
The state represents the action to take to update the finding Status. Use ARCHIVE to change anActive finding to an Archived finding. Use ACTIVE to change an Archived finding to an Activefinding.
Type: String
Valid Values: ACTIVE | ARCHIVED
Required: Yes
Response SyntaxHTTP/1.1 200
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 74).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403InternalServerException
Internal server error.
HTTP Status Code: 500ResourceNotFoundException
The specified resource could not be found.
HTTP Status Code: 404ThrottlingException
Throttling limit exceeded error.
HTTP Status Code: 429ValidationException
Validation exception error.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2019-11-0150
Access Analyzer API ReferenceSee Also
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3
API Version 2019-11-0151
Access Analyzer API Reference
Data TypesThe Access Analyzer API contains several data types that various actions use. This section describes eachdata type in detail.
NoteThe order of each element in a data type structure is not guaranteed. Applications should notassume a particular order.
The following data types are supported:
• AnalyzedResource (p. 53)• AnalyzedResourceSummary (p. 55)• AnalyzerSummary (p. 56)• ArchiveRuleSummary (p. 58)• Criterion (p. 59)• Finding (p. 60)• FindingSource (p. 63)• FindingSourceDetail (p. 64)• FindingSummary (p. 65)• InlineArchiveRule (p. 68)• SortCriteria (p. 69)• StatusReason (p. 70)• ValidationExceptionField (p. 71)
API Version 2019-11-0152
Access Analyzer API ReferenceAnalyzedResource
AnalyzedResourceContains details about the analyzed resource.
Contentsactions
The actions that an external principal is granted permission to use by the policy that generated thefinding.
Type: Array of strings
Required: NoanalyzedAt
The time at which the resource was analyzed.
Type: Timestamp
Required: YescreatedAt
The time at which the finding was created.
Type: Timestamp
Required: Yeserror
An error message.
Type: String
Required: NoisPublic
Indicates whether the policy that generated the finding grants public access to the resource.
Type: Boolean
Required: YesresourceArn
The ARN of the resource that was analyzed.
Type: String
Pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.*$
Required: YesresourceOwnerAccount
The AWS account ID that owns the resource.
Type: String
Required: Yes
API Version 2019-11-0153
Access Analyzer API ReferenceSee Also
resourceType
The type of the resource that was analyzed.
Type: String
Valid Values: AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue |AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key
Required: YessharedVia
Indicates how the access that generated the finding is granted. This is populated for Amazon S3bucket findings.
Type: Array of strings
Required: Nostatus
The current status of the finding generated from the analyzed resource.
Type: String
Valid Values: ACTIVE | ARCHIVED | RESOLVED
Required: NoupdatedAt
The time at which the finding was updated.
Type: Timestamp
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0154
Access Analyzer API ReferenceAnalyzedResourceSummary
AnalyzedResourceSummaryContains the ARN of the analyzed resource.
ContentsresourceArn
The ARN of the analyzed resource.
Type: String
Pattern: arn:[^:]*:[^:]*:[^:]*:[^:]*:.*$
Required: YesresourceOwnerAccount
The AWS account ID that owns the resource.
Type: String
Required: YesresourceType
The type of resource that was analyzed.
Type: String
Valid Values: AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue |AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0155
Access Analyzer API ReferenceAnalyzerSummary
AnalyzerSummaryContains information about the analyzer.
Contentsarn
The ARN of the analyzer.
Type: String
Pattern: ^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}$
Required: YescreatedAt
A timestamp for the time at which the analyzer was created.
Type: Timestamp
Required: YeslastResourceAnalyzed
The resource that was most recently analyzed by the analyzer.
Type: String
Required: NolastResourceAnalyzedAt
The time at which the most recently analyzed resource was analyzed.
Type: Timestamp
Required: Noname
The name of the analyzer.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yesstatus
The status of the analyzer. An Active analyzer successfully monitors supported resources andgenerates new findings. The analyzer is Disabled when a user action, such as removing trustedaccess for AWS IAM Access Analyzer from AWS Organizations, causes the analyzer to stop generatingnew findings. The status is Creating when the analyzer creation is in progress and Failed whenthe analyzer creation has failed.
Type: String
Valid Values: ACTIVE | CREATING | DISABLED | FAILED
API Version 2019-11-0156
Access Analyzer API ReferenceSee Also
Required: YesstatusReason
The statusReason provides more details about the current status of the analyzer. For example, ifthe creation for the analyzer fails, a Failed status is displayed. For an analyzer with organizationas the type, this failure can be due to an issue with creating the service-linked roles required in themember accounts of the AWS organization.
Type: StatusReason (p. 70) object
Required: Notags
The tags added to the analyzer.
Type: String to string map
Required: Notype
The type of analyzer, which corresponds to the zone of trust chosen for the analyzer.
Type: String
Valid Values: ACCOUNT | ORGANIZATION
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0157
Access Analyzer API ReferenceArchiveRuleSummary
ArchiveRuleSummaryContains information about an archive rule.
ContentscreatedAt
The time at which the archive rule was created.
Type: Timestamp
Required: Yesfilter
A filter used to define the archive rule.
Type: String to Criterion (p. 59) object map
Required: YesruleName
The name of the archive rule.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: YesupdatedAt
The time at which the archive rule was last updated.
Type: Timestamp
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0158
Access Analyzer API ReferenceCriterion
CriterionThe criteria to use in the filter that defines the archive rule.
Contentscontains
A "contains" operator to match for the filter used to create the rule.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 20 items.
Required: Noeq
An "equals" operator to match for the filter used to create the rule.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 20 items.
Required: Noexists
An "exists" operator to match for the filter used to create the rule.
Type: Boolean
Required: Noneq
A "not equals" operator to match for the filter used to create the rule.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 20 items.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0159
Access Analyzer API ReferenceFinding
FindingContains information about a finding.
Contentsaction
The action in the analyzed policy statement that an external principal has permission to use.
Type: Array of strings
Required: NoanalyzedAt
The time at which the resource was analyzed.
Type: Timestamp
Required: Yescondition
The condition in the analyzed policy statement that resulted in a finding.
Type: String to string map
Required: YescreatedAt
The time at which the finding was generated.
Type: Timestamp
Required: Yeserror
An error.
Type: String
Required: Noid
The ID of the finding.
Type: String
Required: YesisPublic
Indicates whether the policy that generated the finding allows public access to the resource.
Type: Boolean
Required: Noprincipal
The external principal that access to a resource within the zone of trust.
API Version 2019-11-0160
Access Analyzer API ReferenceSee Also
Type: String to string map
Required: Noresource
The resource that an external principal has access to.
Type: String
Required: NoresourceOwnerAccount
The AWS account ID that owns the resource.
Type: String
Required: YesresourceType
The type of the resource reported in the finding.
Type: String
Valid Values: AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue |AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key
Required: Yessources
The sources of the finding. This indicates how the access that generated the finding is granted. It ispopulated for Amazon S3 bucket findings.
Type: Array of FindingSource (p. 63) objects
Required: Nostatus
The current status of the finding.
Type: String
Valid Values: ACTIVE | ARCHIVED | RESOLVED
Required: YesupdatedAt
The time at which the finding was updated.
Type: Timestamp
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go
API Version 2019-11-0161
Access Analyzer API ReferenceSee Also
• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0162
Access Analyzer API ReferenceFindingSource
FindingSourceThe source of the finding. This indicates how the access that generated the finding is granted. It ispopulated for Amazon S3 bucket findings.
Contentsdetail
Includes details about how the access that generated the finding is granted. This is populated forAmazon S3 bucket findings.
Type: FindingSourceDetail (p. 64) object
Required: Notype
Indicates the type of access that generated the finding.
Type: String
Valid Values: POLICY | BUCKET_ACL | S3_ACCESS_POINT
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0163
Access Analyzer API ReferenceFindingSourceDetail
FindingSourceDetailIncludes details about how the access that generated the finding is granted. This is populated forAmazon S3 bucket findings.
ContentsaccessPointArn
The ARN of the access point that generated the finding.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0164
Access Analyzer API ReferenceFindingSummary
FindingSummaryContains information about a finding.
Contentsaction
The action in the analyzed policy statement that an external principal has permission to use.
Type: Array of strings
Required: NoanalyzedAt
The time at which the resource-based policy that generated the finding was analyzed.
Type: Timestamp
Required: Yescondition
The condition in the analyzed policy statement that resulted in a finding.
Type: String to string map
Required: YescreatedAt
The time at which the finding was created.
Type: Timestamp
Required: Yeserror
The error that resulted in an Error finding.
Type: String
Required: Noid
The ID of the finding.
Type: String
Required: YesisPublic
Indicates whether the finding reports a resource that has a policy that allows public access.
Type: Boolean
Required: Noprincipal
The external principal that has access to a resource within the zone of trust.
API Version 2019-11-0165
Access Analyzer API ReferenceSee Also
Type: String to string map
Required: Noresource
The resource that the external principal has access to.
Type: String
Required: NoresourceOwnerAccount
The AWS account ID that owns the resource.
Type: String
Required: YesresourceType
The type of the resource that the external principal has access to.
Type: String
Valid Values: AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue |AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key
Required: Yessources
The sources of the finding. This indicates how the access that generated the finding is granted. It ispopulated for Amazon S3 bucket findings.
Type: Array of FindingSource (p. 63) objects
Required: Nostatus
The status of the finding.
Type: String
Valid Values: ACTIVE | ARCHIVED | RESOLVED
Required: YesupdatedAt
The time at which the finding was most recently updated.
Type: Timestamp
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go
API Version 2019-11-0166
Access Analyzer API ReferenceSee Also
• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0167
Access Analyzer API ReferenceInlineArchiveRule
InlineArchiveRuleAn criterion statement in an archive rule. Each archive rule may have multiple criteria.
Contentsfilter
The condition and values for a criterion.
Type: String to Criterion (p. 59) object map
Required: YesruleName
The name of the rule.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[A-Za-z][A-Za-z0-9_.-]*$
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0168
Access Analyzer API ReferenceSortCriteria
SortCriteriaThe criteria used to sort.
ContentsattributeName
The name of the attribute to sort on.
Type: String
Required: NoorderBy
The sort order, ascending or descending.
Type: String
Valid Values: ASC | DESC
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0169
Access Analyzer API ReferenceStatusReason
StatusReasonProvides more details about the current status of the analyzer. For example, if the creation for theanalyzer fails, a Failed status is displayed. For an analyzer with organization as the type, this failure canbe due to an issue with creating the service-linked roles required in the member accounts of the AWSorganization.
Contentscode
The reason code for the current status of the analyzer.
Type: String
Valid Values: AWS_SERVICE_ACCESS_DISABLED |DELEGATED_ADMINISTRATOR_DEREGISTERED | ORGANIZATION_DELETED |SERVICE_LINKED_ROLE_CREATION_FAILED
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0170
Access Analyzer API ReferenceValidationExceptionField
ValidationExceptionFieldContains information about a validation exception.
Contentsmessage
A message about the validation exception.
Type: String
Required: Yesname
The name of the validation exception.
Type: String
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3
API Version 2019-11-0171
Access Analyzer API Reference
Common ParametersThe following list contains the parameters that all actions use for signing Signature Version 4 requestswith a query string. Any action-specific parameters are listed in the topic for that action. For moreinformation about Signature Version 4, see Signature Version 4 Signing Process in the Amazon WebServices General Reference.
Action
The action to be performed.
Type: string
Required: YesVersion
The API version that the request is written for, expressed in the format YYYY-MM-DD.
Type: string
Required: YesX-Amz-Algorithm
The hash algorithm that you used to create the request signature.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Valid Values: AWS4-HMAC-SHA256
Required: ConditionalX-Amz-Credential
The credential scope value, which is a string that includes your access key, the date, the region youare targeting, the service you are requesting, and a termination string ("aws4_request"). The value isexpressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.
For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon WebServices General Reference.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: ConditionalX-Amz-Date
The date that is used to create the signature. The format must be ISO 8601 basic format(YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value:20120325T120000Z.
Condition: X-Amz-Date is optional for all requests; it can be used to override the date used forsigning requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is
API Version 2019-11-0172
Access Analyzer API Reference
not required. When X-Amz-Date is used, it always overrides the value of the Date header. Formore information, see Handling Dates in Signature Version 4 in the Amazon Web Services GeneralReference.
Type: string
Required: ConditionalX-Amz-Security-Token
The temporary security token that was obtained through a call to AWS Security Token Service (AWSSTS). For a list of services that support temporary security credentials from AWS Security TokenService, go to AWS Services That Work with IAM in the IAM User Guide.
Condition: If you're using temporary security credentials from the AWS Security Token Service, youmust include the security token.
Type: string
Required: ConditionalX-Amz-Signature
Specifies the hex-encoded signature that was calculated from the string to sign and the derivedsigning key.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: ConditionalX-Amz-SignedHeaders
Specifies all the HTTP headers that were included as part of the canonical request. For moreinformation about specifying signed headers, see Task 1: Create a Canonical Request For SignatureVersion 4 in the Amazon Web Services General Reference.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: Conditional
API Version 2019-11-0173
Access Analyzer API Reference
Common ErrorsThis section lists the errors common to the API actions of all AWS services. For errors specific to an APIaction for this service, see the topic for that API action.
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400IncompleteSignature
The request signature does not conform to AWS standards.
HTTP Status Code: 400InternalFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500InvalidAction
The action or operation requested is invalid. Verify that the action is typed correctly.
HTTP Status Code: 400InvalidClientTokenId
The X.509 certificate or AWS access key ID provided does not exist in our records.
HTTP Status Code: 403InvalidParameterCombination
Parameters that must not be used together were used together.
HTTP Status Code: 400InvalidParameterValue
An invalid or out-of-range value was supplied for the input parameter.
HTTP Status Code: 400InvalidQueryParameter
The AWS query string is malformed or does not adhere to AWS standards.
HTTP Status Code: 400MalformedQueryString
The query string contains a syntax error.
HTTP Status Code: 404MissingAction
The request is missing an action or a required parameter.
HTTP Status Code: 400
API Version 2019-11-0174
Access Analyzer API Reference
MissingAuthenticationToken
The request must contain either a valid (registered) AWS access key ID or X.509 certificate.
HTTP Status Code: 403MissingParameter
A required parameter for the specified action is not supplied.
HTTP Status Code: 400NotAuthorized
You do not have permission to perform this action.
HTTP Status Code: 400OptInRequired
The AWS access key ID needs a subscription for the service.
HTTP Status Code: 403RequestExpired
The request reached the service more than 15 minutes after the date stamp on the request or morethan 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stampon the request is more than 15 minutes in the future.
HTTP Status Code: 400ServiceUnavailable
The request has failed due to a temporary failure of the server.
HTTP Status Code: 503ThrottlingException
The request was denied due to request throttling.
HTTP Status Code: 400ValidationError
The input fails to satisfy the constraints specified by an AWS service.
HTTP Status Code: 400
API Version 2019-11-0175
