{"note":"OpenAPI conversion -- returning structured metadata","name":"amazonaws-com-accessanalyzer","description":"Access Analyzer","version":"2019-11-01","base_url":"","endpoints":35,"raw":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Access Analyzer\n@version 2019-11-01\n@auth AWS SigV4\n@endpoints 35\n@hint download_for_search\n@toc archive-rule(1), policy(8), access-preview(4), analyzer(9), recommendation(2), analyzed-resource(2), finding(3), findingv2(2), tags(3), resource(1)\n\n@group archive-rule\n@endpoint PUT /archive-rule\n@desc Retroactively applies the archive rule to existing findings that meet the archive rule criteria.\n@required {analyzerArn: str, ruleName: str}\n@optional {clientToken: str}\n\n@endgroup\n\n@group policy\n@endpoint PUT /policy/generation/{jobId}\n@desc Cancels the requested policy generation.\n@required {jobId: str}\n\n@endpoint POST /policy/check-access-not-granted\n@desc Checks whether the specified access isn't allowed by a policy.\n@required {policyDocument: str, access: [Access], policyType: str}\n@returns(200) {result: str?, message: str?, reasons: [ReasonSummary]?}\n\n@endpoint POST /policy/check-no-new-access\n@desc Checks whether new access is allowed for an updated policy when compared to the existing policy. You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.\n@required {newPolicyDocument: str, existingPolicyDocument: str, policyType: str}\n@returns(200) {result: str?, message: str?, reasons: [ReasonSummary]?}\n\n@endpoint POST /policy/check-no-public-access\n@desc Checks whether a resource policy can grant public access to the specified resource type.\n@required {policyDocument: str, resourceType: str}\n@returns(200) {result: str?, message: str?, reasons: [ReasonSummary]?}\n\n@endgroup\n\n@group access-preview\n@endpoint PUT /access-preview\n@desc Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.\n@required {analyzerArn: str, configurations: map<str,Configuration>}\n@optional {clientToken: str}\n@returns(200) {id: str}\n\n@endgroup\n\n@group analyzer\n@endpoint PUT /analyzer\n@desc Creates an analyzer for your account.\n@required {analyzerName: str, type: str}\n@optional {archiveRules: [InlineArchiveRule], tags: map<str,str>, clientToken: str, configuration: AnalyzerConfiguration}\n@returns(200) {arn: str?}\n\n@endpoint PUT /analyzer/{analyzerName}/archive-rule\n@desc Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.\n@required {analyzerName: str, ruleName: str, filter: map<str,Criterion>}\n@optional {clientToken: str}\n\n@endpoint DELETE /analyzer/{analyzerName}\n@desc Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.\n@required {analyzerName: str}\n@optional {clientToken: str}\n\n@endpoint DELETE /analyzer/{analyzerName}/archive-rule/{ruleName}\n@desc Deletes the specified archive rule.\n@required {analyzerName: str, ruleName: str}\n@optional {clientToken: str}\n\n@endgroup\n\n@group recommendation\n@endpoint POST /recommendation/{id}\n@desc Creates a recommendation for an unused permissions finding.\n@required {analyzerArn: str, id: str}\n\n@endgroup\n\n@group access-preview\n@endpoint GET /access-preview/{accessPreviewId}\n@desc Retrieves information about an access preview for the specified analyzer.\n@required {accessPreviewId: str, analyzerArn: str}\n@returns(200) {accessPreview: AccessPreview{id: str, analyzerArn: str, configurations: map<str,Configuration>, createdAt: str(timestamp), status: str, statusReason: AccessPreviewStatusReason?{code: str}}}\n\n@endgroup\n\n@group analyzed-resource\n@endpoint GET /analyzed-resource\n@desc Retrieves information about a resource that was analyzed.\n@required {analyzerArn: str, resourceArn: str}\n@returns(200) {resource: AnalyzedResource?{resourceArn: str, resourceType: str, createdAt: str(timestamp), analyzedAt: str(timestamp), updatedAt: str(timestamp), isPublic: bool, actions: [str]?, sharedVia: [str]?, status: str?, resourceOwnerAccount: str, error: str?}}\n\n@endgroup\n\n@group analyzer\n@endpoint GET /analyzer/{analyzerName}\n@desc Retrieves information about the specified analyzer.\n@required {analyzerName: str}\n@returns(200) {analyzer: AnalyzerSummary{arn: str, name: str, type: str, createdAt: str(timestamp), lastResourceAnalyzed: str?, lastResourceAnalyzedAt: str(timestamp)?, tags: map<str,str>?, status: str, statusReason: StatusReason?{code: str}, configuration: AnalyzerConfiguration?{unusedAccess: UnusedAccessConfiguration?{unusedAccessAge: int?}}}}\n\n@endpoint GET /analyzer/{analyzerName}/archive-rule/{ruleName}\n@desc Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.\n@required {analyzerName: str, ruleName: str}\n@returns(200) {archiveRule: ArchiveRuleSummary{ruleName: str, filter: map<str,Criterion>, createdAt: str(timestamp), updatedAt: str(timestamp)}}\n\n@endgroup\n\n@group finding\n@endpoint GET /finding/{id}\n@desc Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.\n@required {analyzerArn: str, id: str}\n@returns(200) {finding: Finding?{id: str, principal: map<str,str>?, action: [str]?, resource: str?, isPublic: bool?, resourceType: str, condition: map<str,str>, createdAt: str(timestamp), analyzedAt: str(timestamp), updatedAt: str(timestamp), status: str, resourceOwnerAccount: str, error: str?, sources: [FindingSource]?}}\n\n@endgroup\n\n@group recommendation\n@endpoint GET /recommendation/{id}\n@desc Retrieves information about a finding recommendation for the specified analyzer.\n@required {analyzerArn: str, id: str}\n@optional {maxResults: int, nextToken: str}\n@returns(200) {startedAt: str(timestamp), completedAt: str(timestamp)?, nextToken: str?, error: RecommendationError?{code: str, message: str}, resourceArn: str, recommendedSteps: [RecommendedStep]?, recommendationType: str, status: str}\n\n@endgroup\n\n@group findingv2\n@endpoint GET /findingv2/{id}\n@desc Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.\n@required {analyzerArn: str, id: str}\n@optional {maxResults: int, nextToken: str}\n@returns(200) {analyzedAt: str(timestamp), createdAt: str(timestamp), error: str?, id: str, nextToken: str?, resource: str?, resourceType: str, resourceOwnerAccount: str, status: str, updatedAt: str(timestamp), findingDetails: [FindingDetails], findingType: str?}\n\n@endgroup\n\n@group policy\n@endpoint GET /policy/generation/{jobId}\n@desc Retrieves the policy that was generated using StartPolicyGeneration.\n@required {jobId: str}\n@optional {includeResourcePlaceholders: bool, includeServiceLevelTemplate: bool}\n@returns(200) {jobDetails: JobDetails{jobId: str, status: str, startedOn: str(timestamp), completedOn: str(timestamp)?, jobError: JobError?{code: str, message: str}}, generatedPolicyResult: GeneratedPolicyResult{properties: GeneratedPolicyProperties{isComplete: bool?, principalArn: str, cloudTrailProperties: CloudTrailProperties?{trailProperties: [TrailProperties], startTime: str(timestamp), endTime: str(timestamp)}}, generatedPolicies: [GeneratedPolicy]?}}\n\n@endgroup\n\n@group access-preview\n@endpoint POST /access-preview/{accessPreviewId}\n@desc Retrieves a list of access preview findings generated by the specified access preview.\n@required {accessPreviewId: str, analyzerArn: str}\n@optional {filter: map<str,Criterion>, nextToken: str, maxResults: int}\n@returns(200) {findings: [AccessPreviewFinding], nextToken: str?}\n\n@endpoint GET /access-preview\n@desc Retrieves a list of access previews for the specified analyzer.\n@required {analyzerArn: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {accessPreviews: [AccessPreviewSummary], nextToken: str?}\n\n@endgroup\n\n@group analyzed-resource\n@endpoint POST /analyzed-resource\n@desc Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer. This action is not supported for unused access analyzers.\n@required {analyzerArn: str}\n@optional {resourceType: str, nextToken: str, maxResults: int}\n@returns(200) {analyzedResources: [AnalyzedResourceSummary], nextToken: str?}\n\n@endgroup\n\n@group analyzer\n@endpoint GET /analyzer\n@desc Retrieves a list of analyzers.\n@optional {nextToken: str, maxResults: int, type: str}\n@returns(200) {analyzers: [AnalyzerSummary], nextToken: str?}\n\n@endpoint GET /analyzer/{analyzerName}/archive-rule\n@desc Retrieves a list of archive rules created for the specified analyzer.\n@required {analyzerName: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {archiveRules: [ArchiveRuleSummary], nextToken: str?}\n\n@endgroup\n\n@group finding\n@endpoint POST /finding\n@desc Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.\n@required {analyzerArn: str}\n@optional {filter: map<str,Criterion>, sort: SortCriteria, nextToken: str, maxResults: int}\n@returns(200) {findings: [FindingSummary], nextToken: str?}\n\n@endgroup\n\n@group findingv2\n@endpoint POST /findingv2\n@desc Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.\n@required {analyzerArn: str}\n@optional {filter: map<str,Criterion>, maxResults: int, nextToken: str, sort: SortCriteria}\n@returns(200) {findings: [FindingSummaryV2], nextToken: str?}\n\n@endgroup\n\n@group policy\n@endpoint GET /policy/generation\n@desc Lists all of the policy generations requested in the last seven days.\n@optional {principalArn: str, maxResults: int, nextToken: str}\n@returns(200) {policyGenerations: [PolicyGeneration], nextToken: str?}\n\n@endgroup\n\n@group tags\n@endpoint GET /tags/{resourceArn}\n@desc Retrieves a list of tags applied to the specified resource.\n@required {resourceArn: str}\n@returns(200) {tags: map<str,str>?}\n\n@endgroup\n\n@group policy\n@endpoint PUT /policy/generation\n@desc Starts the policy generation request.\n@required {policyGenerationDetails: PolicyGenerationDetails}\n@optional {cloudTrailDetails: CloudTrailDetails, clientToken: str}\n@returns(200) {jobId: str}\n\n@endgroup\n\n@group resource\n@endpoint POST /resource/scan\n@desc Immediately starts a scan of the policies applied to the specified resource.\n@required {analyzerArn: str, resourceArn: str}\n@optional {resourceOwnerAccount: str}\n\n@endgroup\n\n@group tags\n@endpoint POST /tags/{resourceArn}\n@desc Adds a tag to the specified resource.\n@required {resourceArn: str, tags: map<str,str>}\n\n@endpoint DELETE /tags/{resourceArn}\n@desc Removes a tag from the specified resource.\n@required {resourceArn: str, tagKeys: [str]}\n\n@endgroup\n\n@group analyzer\n@endpoint PUT /analyzer/{analyzerName}/archive-rule/{ruleName}\n@desc Updates the criteria and values for the specified archive rule.\n@required {analyzerName: str, ruleName: str, filter: map<str,Criterion>}\n@optional {clientToken: str}\n\n@endgroup\n\n@group finding\n@endpoint PUT /finding\n@desc Updates the status for the specified findings.\n@required {analyzerArn: str, status: str}\n@optional {ids: [str], resourceArn: str, clientToken: str}\n\n@endgroup\n\n@group policy\n@endpoint POST /policy/validation\n@desc Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.\n@required {policyDocument: str, policyType: str}\n@optional {maxResults: int, nextToken: str, locale: str, validatePolicyResourceType: str}\n@returns(200) {findings: [ValidatePolicyFinding], nextToken: str?}\n\n@endgroup\n\n@end\n"}