2020/04/27 - Access Analyzer - 2 updated api methods
Changes: Update accessanalyzer client to latest version
{'finding': {'sources': [{'detail': {'accessPointArn': 'string'},
'type': 'BUCKET_ACL | POLICY | S3_ACCESS_POINT'}]}}
Retrieves information about the specified finding.
See also: AWS API Documentation
Request Syntax
client.get_finding(
    analyzerArn='string',
    id='string'
)
analyzerArn (string) --
[REQUIRED]
The ARN of the analyzer that generated the finding.
id (string) --
[REQUIRED]
The ID of the finding to retrieve.
Return type: dict
Response Syntax
{
    'finding': {
        'action': [
            'string',
        ],
        'analyzedAt': datetime(2015, 1, 1),
        'condition': {
            'string': 'string'
        },
        'createdAt': datetime(2015, 1, 1),
        'error': 'string',
        'id': 'string',
        'isPublic': True|False,
        'principal': {
            'string': 'string'
        },
        'resource': 'string',
        'resourceOwnerAccount': 'string',
        'resourceType': 'AWS::IAM::Role'|'AWS::KMS::Key'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::S3::Bucket'|'AWS::SQS::Queue',
        'sources': [
            {
                'detail': {
                    'accessPointArn': 'string'
                },
                'type': 'BUCKET_ACL'|'POLICY'|'S3_ACCESS_POINT'
            },
        ],
        'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
        'updatedAt': datetime(2015, 1, 1)
    }
}
Response Structure
(dict) --
The response to the request.
finding (dict) --
A finding object that contains finding details.
action (list) --
The action in the analyzed policy statement that an external principal has permission to use.
(string) --
analyzedAt (datetime) --
The time at which the resource was analyzed.
condition (dict) --
The condition in the analyzed policy statement that resulted in a finding.
(string) --
(string) --
createdAt (datetime) --
The time at which the finding was generated.
error (string) --
An error.
id (string) --
The ID of the finding.
isPublic (boolean) --
Indicates whether the policy that generated the finding allows public access to the resource.
principal (dict) --
The external principal that has access to a resource within the zone of trust.
(string) --
(string) --
resource (string) --
The resource that an external principal has access to.
resourceOwnerAccount (string) --
The AWS account ID that owns the resource.
resourceType (string) --
The type of the resource reported in the finding.
sources (list) --
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
(dict) --
The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
detail (dict) --
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
accessPointArn (string) --
The ARN of the access point that generated the finding.
type (string) --
Indicates the type of access that generated the finding.
status (string) --
The current status of the finding.
updatedAt (datetime) --
The time at which the finding was updated.
{'findings': {'sources': [{'detail': {'accessPointArn': 'string'},
'type': 'BUCKET_ACL | POLICY | S3_ACCESS_POINT'}]}}
Retrieves a list of findings generated by the specified analyzer.
See also: AWS API Documentation
Request Syntax
client.list_findings(
    analyzerArn='string',
    filter={
        'string': {
            'contains': [
                'string',
            ],
            'eq': [
                'string',
            ],
            'exists': True|False,
            'neq': [
                'string',
            ]
        }
    },
    maxResults=123,
    nextToken='string',
    sort={
        'attributeName': 'string',
        'orderBy': 'ASC'|'DESC'
    }
)
analyzerArn (string) --
[REQUIRED]
The ARN of the analyzer to retrieve findings from.
filter (dict) --
A filter to match for the findings to return.
(string) --
(dict) --
The criteria to use in the filter that defines the archive rule.
contains (list) --
A "contains" operator to match for the filter used to create the rule.
(string) --
eq (list) --
An "equals" operator to match for the filter used to create the rule.
(string) --
exists (boolean) --
An "exists" operator to match for the filter used to create the rule.
neq (list) --
A "not equals" operator to match for the filter used to create the rule.
(string) --
maxResults (integer) --
The maximum number of results to return in the response.
nextToken (string) --
A token used for pagination of results returned.
sort (dict) --
The sort order for the findings returned.
attributeName (string) --
The name of the attribute to sort on.
orderBy (string) --
The sort order, ascending or descending.
Return type: dict
Response Syntax
{
    'findings': [
        {
            'action': [
                'string',
            ],
            'analyzedAt': datetime(2015, 1, 1),
            'condition': {
                'string': 'string'
            },
            'createdAt': datetime(2015, 1, 1),
            'error': 'string',
            'id': 'string',
            'isPublic': True|False,
            'principal': {
                'string': 'string'
            },
            'resource': 'string',
            'resourceOwnerAccount': 'string',
            'resourceType': 'AWS::IAM::Role'|'AWS::KMS::Key'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::S3::Bucket'|'AWS::SQS::Queue',
            'sources': [
                {
                    'detail': {
                        'accessPointArn': 'string'
                    },
                    'type': 'BUCKET_ACL'|'POLICY'|'S3_ACCESS_POINT'
                },
            ],
            'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
The response to the request.
findings (list) --
A list of findings retrieved from the analyzer that match the filter criteria specified, if any.
(dict) --
Contains information about a finding.
action (list) --
The action in the analyzed policy statement that an external principal has permission to use.
(string) --
analyzedAt (datetime) --
The time at which the resource-based policy that generated the finding was analyzed.
condition (dict) --
The condition in the analyzed policy statement that resulted in a finding.
(string) --
(string) --
createdAt (datetime) --
The time at which the finding was created.
error (string) --
The error that resulted in an Error finding.
id (string) --
The ID of the finding.
isPublic (boolean) --
Indicates whether the finding reports a resource that has a policy that allows public access.
principal (dict) --
The external principal that has access to a resource within the zone of trust.
(string) --
(string) --
resource (string) --
The resource that the external principal has access to.
resourceOwnerAccount (string) --
The AWS account ID that owns the resource.
resourceType (string) --
The type of the resource that the external principal has access to.
sources (list) --
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
(dict) --
The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
detail (dict) --
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
accessPointArn (string) --
The ARN of the access point that generated the finding.
type (string) --
Indicates the type of access that generated the finding.
status (string) --
The status of the finding.
updatedAt (datetime) --
The time at which the finding was most recently updated.
nextToken (string) --
A token used for pagination of results returned.
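Added example (not part of the AWS documentation or the SDK): one way to page through list_findings with nextToken and group S3 bucket findings by the new sources type, so a reviewer can see whether external access comes from a bucket ACL, a policy, or an access point. Assumptions: the helper names, the NO_SOURCE label, the filter keys 'resourceType' and 'status' (finding attributes not listed on this page), and the constructed stub responses that stand in for a real client.

```python
from collections import defaultdict

# Filter for active S3 bucket findings. 'resourceType' and 'status' are finding
# attributes used as filter keys; the key names are not listed on this page.
S3_ACTIVE = {"resourceType": {"eq": ["AWS::S3::Bucket"]},
             "status": {"eq": ["ACTIVE"]}}

def iter_findings(client, analyzer_arn, finding_filter=None, page_size=100):
    """Yield every finding, following nextToken until none is returned."""
    kwargs = {"analyzerArn": analyzer_arn, "maxResults": page_size}
    if finding_filter:
        kwargs["filter"] = finding_filter
    while True:
        page = client.list_findings(**kwargs)
        yield from page.get("findings", [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]

def group_by_source(findings):
    """Map source type -> sorted [(resource, accessPointArn or None), ...]."""
    grouped = defaultdict(set)
    for f in findings:
        # 'sources' may be absent; NO_SOURCE is a local label, not an API value.
        for src in f.get("sources") or [{"type": "NO_SOURCE"}]:
            arn = src.get("detail", {}).get("accessPointArn")
            grouped[src["type"]].add((f["resource"], arn))
    return {t: sorted(v, key=lambda p: (p[0], p[1] or ""))
            for t, v in grouped.items()}

class StubClient:
    """Constructed two-page response standing in for the real client."""
    BUCKET = "arn:aws:s3:::example-bucket"
    AP = "arn:aws:s3:us-east-1:111122223333:accesspoint/example-ap"
    PAGES = {
        None: {"nextToken": "t1", "findings": [
            {"resource": BUCKET, "isPublic": True,
             "sources": [{"type": "BUCKET_ACL"}, {"type": "POLICY"}]}]},
        "t1": {"findings": [
            {"resource": BUCKET, "isPublic": False, "sources": [
                {"type": "S3_ACCESS_POINT", "detail": {"accessPointArn": AP}}]},
            {"resource": "arn:aws:s3:::example-logs", "isPublic": False}]},
    }
    def __init__(self):
        self.calls = []
    def list_findings(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self.PAGES[kwargs.get("nextToken")]
# Real use: iter_findings(boto3.client("accessanalyzer"), analyzer_arn, S3_ACTIVE)
```

Findings grouped under S3_ACCESS_POINT carry the access point ARN in detail, which identifies the access point whose policy needs review rather than the bucket policy itself.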