AccessAnalyzer#
Client#
- class AccessAnalyzer.Client#
A low-level client representing Access Analyzer
Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.
External access analyzers help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.
Unused access analyzers help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.
Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs.
This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Identity and Access Management Access Analyzer in the IAM User Guide.
import boto3 client = boto3.client('accessanalyzer')
These are the available methods:
- apply_archive_rule
- can_paginate
- cancel_policy_generation
- check_access_not_granted
- check_no_new_access
- check_no_public_access
- close
- create_access_preview
- create_analyzer
- create_archive_rule
- delete_analyzer
- delete_archive_rule
- generate_finding_recommendation
- get_access_preview
- get_analyzed_resource
- get_analyzer
- get_archive_rule
- get_finding
- get_finding_recommendation
- get_finding_v2
- get_generated_policy
- get_paginator
- get_waiter
- list_access_preview_findings
- list_access_previews
- list_analyzed_resources
- list_analyzers
- list_archive_rules
- list_findings
- list_findings_v2
- list_policy_generations
- list_tags_for_resource
- start_policy_generation
- start_resource_scan
- tag_resource
- untag_resource
- update_analyzer
- update_archive_rule
- update_findings
- validate_policy
Paginators#
Paginators are available on a client instance via the get_paginator
method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide.
The available paginators are: