Class: Aws::AccessAnalyzer::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::AccessAnalyzer::Client
- Includes:
- ClientStubs
- Defined in:
- lib/aws-sdk-accessanalyzer/client.rb
Overview
An API client for AccessAnalyzer. To construct a client, you need to configure a ‘:region` and `:credentials`.
client = Aws::AccessAnalyzer::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
See #initialize for a full list of supported configuration options.
Class Attribute Summary collapse
- .identifier ⇒ Object readonly private
API Operations collapse
-
#apply_archive_rule(params = {}) ⇒ Struct
Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
-
#cancel_policy_generation(params = {}) ⇒ Struct
Cancels the requested policy generation.
-
#check_access_not_granted(params = {}) ⇒ Types::CheckAccessNotGrantedResponse
Checks whether the specified access isn’t allowed by a policy.
-
#check_no_new_access(params = {}) ⇒ Types::CheckNoNewAccessResponse
Checks whether new access is allowed for an updated policy when compared to the existing policy.
-
#check_no_public_access(params = {}) ⇒ Types::CheckNoPublicAccessResponse
Checks whether a resource policy can grant public access to the specified resource type.
-
#create_access_preview(params = {}) ⇒ Types::CreateAccessPreviewResponse
Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
-
#create_analyzer(params = {}) ⇒ Types::CreateAnalyzerResponse
Creates an analyzer for your account.
-
#create_archive_rule(params = {}) ⇒ Struct
Creates an archive rule for the specified analyzer.
-
#delete_analyzer(params = {}) ⇒ Struct
Deletes the specified analyzer.
-
#delete_archive_rule(params = {}) ⇒ Struct
Deletes the specified archive rule.
-
#generate_finding_recommendation(params = {}) ⇒ Struct
Creates a recommendation for an unused permissions finding.
-
#get_access_preview(params = {}) ⇒ Types::GetAccessPreviewResponse
Retrieves information about an access preview for the specified analyzer.
-
#get_analyzed_resource(params = {}) ⇒ Types::GetAnalyzedResourceResponse
Retrieves information about a resource that was analyzed.
-
#get_analyzer(params = {}) ⇒ Types::GetAnalyzerResponse
Retrieves information about the specified analyzer.
-
#get_archive_rule(params = {}) ⇒ Types::GetArchiveRuleResponse
Retrieves information about an archive rule.
-
#get_finding(params = {}) ⇒ Types::GetFindingResponse
Retrieves information about the specified finding.
-
#get_finding_recommendation(params = {}) ⇒ Types::GetFindingRecommendationResponse
Retrieves information about a finding recommendation for the specified analyzer.
-
#get_finding_v2(params = {}) ⇒ Types::GetFindingV2Response
Retrieves information about the specified finding.
-
#get_generated_policy(params = {}) ⇒ Types::GetGeneratedPolicyResponse
Retrieves the policy that was generated using ‘StartPolicyGeneration`.
-
#list_access_preview_findings(params = {}) ⇒ Types::ListAccessPreviewFindingsResponse
Retrieves a list of access preview findings generated by the specified access preview.
-
#list_access_previews(params = {}) ⇒ Types::ListAccessPreviewsResponse
Retrieves a list of access previews for the specified analyzer.
-
#list_analyzed_resources(params = {}) ⇒ Types::ListAnalyzedResourcesResponse
Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.
-
#list_analyzers(params = {}) ⇒ Types::ListAnalyzersResponse
Retrieves a list of analyzers.
-
#list_archive_rules(params = {}) ⇒ Types::ListArchiveRulesResponse
Retrieves a list of archive rules created for the specified analyzer.
-
#list_findings(params = {}) ⇒ Types::ListFindingsResponse
Retrieves a list of findings generated by the specified analyzer.
-
#list_findings_v2(params = {}) ⇒ Types::ListFindingsV2Response
Retrieves a list of findings generated by the specified analyzer.
-
#list_policy_generations(params = {}) ⇒ Types::ListPolicyGenerationsResponse
Lists all of the policy generations requested in the last seven days.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Retrieves a list of tags applied to the specified resource.
-
#start_policy_generation(params = {}) ⇒ Types::StartPolicyGenerationResponse
Starts the policy generation request.
-
#start_resource_scan(params = {}) ⇒ Struct
Immediately starts a scan of the policies applied to the specified resource.
-
#tag_resource(params = {}) ⇒ Struct
Adds a tag to the specified resource.
-
#untag_resource(params = {}) ⇒ Struct
Removes a tag from the specified resource.
-
#update_analyzer(params = {}) ⇒ Types::UpdateAnalyzerResponse
Modifies the configuration of an existing analyzer.
-
#update_archive_rule(params = {}) ⇒ Struct
Updates the criteria and values for the specified archive rule.
-
#update_findings(params = {}) ⇒ Struct
Updates the status for the specified findings.
-
#validate_policy(params = {}) ⇒ Types::ValidatePolicyResponse
Requests the validation of a policy and returns a list of findings.
Class Method Summary collapse
- .errors_module ⇒ Object private
Instance Method Summary collapse
- #build_request(operation_name, params = {}) ⇒ Object private
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
- #waiter_names ⇒ Object deprecated private Deprecated.
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
444 445 446 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 444 def initialize(*args) super end |
Class Attribute Details
.identifier ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
2767 2768 2769 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2767 def identifier @identifier end |
Class Method Details
.errors_module ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
2770 2771 2772 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2770 def errors_module Errors end |
Instance Method Details
#apply_archive_rule(params = {}) ⇒ Struct
Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
479 480 481 482 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 479 def apply_archive_rule(params = {}, = {}) req = build_request(:apply_archive_rule, params) req.send_request() end |
#build_request(operation_name, params = {}) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2740 def build_request(operation_name, params = {}) handlers = @handlers.for(operation_name) tracer = config.telemetry_provider.tracer_provider.tracer( Aws::Telemetry.module_to_tracer_name('Aws::AccessAnalyzer') ) context = Seahorse::Client::RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config, tracer: tracer ) context[:gem_name] = 'aws-sdk-accessanalyzer' context[:gem_version] = '1.64.0' Seahorse::Client::Request.new(handlers, context) end |
#cancel_policy_generation(params = {}) ⇒ Struct
Cancels the requested policy generation.
504 505 506 507 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 504 def cancel_policy_generation(params = {}, = {}) req = build_request(:cancel_policy_generation, params) req.send_request() end |
#check_access_not_granted(params = {}) ⇒ Types::CheckAccessNotGrantedResponse
Checks whether the specified access isn’t allowed by a policy.
633 634 635 636 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 633 def check_access_not_granted(params = {}, = {}) req = build_request(:check_access_not_granted, params) req.send_request() end |
#check_no_new_access(params = {}) ⇒ Types::CheckNoNewAccessResponse
Checks whether new access is allowed for an updated policy when compared to the existing policy.
You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the [IAM Access Analyzer custom policy checks samples] repository on GitHub. The reference policies in this repository are meant to be passed to the ‘existingPolicyDocument` request parameter.
[1]: github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples
696 697 698 699 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 696 def check_no_new_access(params = {}, = {}) req = build_request(:check_no_new_access, params) req.send_request() end |
#check_no_public_access(params = {}) ⇒ Types::CheckNoPublicAccessResponse
Checks whether a resource policy can grant public access to the specified resource type.
775 776 777 778 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 775 def check_no_public_access(params = {}, = {}) req = build_request(:check_no_public_access, params) req.send_request() end |
#create_access_preview(params = {}) ⇒ Types::CreateAccessPreviewResponse
Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
931 932 933 934 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 931 def create_access_preview(params = {}, = {}) req = build_request(:create_access_preview, params) req.send_request() end |
#create_analyzer(params = {}) ⇒ Types::CreateAnalyzerResponse
Creates an analyzer for your account.
1027 1028 1029 1030 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1027 def create_analyzer(params = {}, = {}) req = build_request(:create_analyzer, params) req.send_request() end |
#create_archive_rule(params = {}) ⇒ Struct
Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
To learn about filter keys that you can use to create an archive rule, see [IAM Access Analyzer filter keys] in the **IAM User Guide**.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
1080 1081 1082 1083 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1080 def create_archive_rule(params = {}, = {}) req = build_request(:create_archive_rule, params) req.send_request() end |
#delete_analyzer(params = {}) ⇒ Struct
Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
1112 1113 1114 1115 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1112 def delete_analyzer(params = {}, = {}) req = build_request(:delete_analyzer, params) req.send_request() end |
#delete_archive_rule(params = {}) ⇒ Struct
Deletes the specified archive rule.
1146 1147 1148 1149 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1146 def delete_archive_rule(params = {}, = {}) req = build_request(:delete_archive_rule, params) req.send_request() end |
#generate_finding_recommendation(params = {}) ⇒ Struct
Creates a recommendation for an unused permissions finding.
1196 1197 1198 1199 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1196 def generate_finding_recommendation(params = {}, = {}) req = build_request(:generate_finding_recommendation, params) req.send_request() end |
#get_access_preview(params = {}) ⇒ Types::GetAccessPreviewResponse
Retrieves information about an access preview for the specified analyzer.
1285 1286 1287 1288 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1285 def get_access_preview(params = {}, = {}) req = build_request(:get_access_preview, params) req.send_request() end |
#get_analyzed_resource(params = {}) ⇒ Types::GetAnalyzedResourceResponse
Retrieves information about a resource that was analyzed.
1333 1334 1335 1336 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1333 def get_analyzed_resource(params = {}, = {}) req = build_request(:get_analyzed_resource, params) req.send_request() end |
#get_analyzer(params = {}) ⇒ Types::GetAnalyzerResponse
Retrieves information about the specified analyzer.
1377 1378 1379 1380 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1377 def get_analyzer(params = {}, = {}) req = build_request(:get_analyzer, params) req.send_request() end |
#get_archive_rule(params = {}) ⇒ Types::GetArchiveRuleResponse
Retrieves information about an archive rule.
To learn about filter keys that you can use to create an archive rule, see [IAM Access Analyzer filter keys] in the **IAM User Guide**.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
1426 1427 1428 1429 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1426 def get_archive_rule(params = {}, = {}) req = build_request(:get_archive_rule, params) req.send_request() end |
#get_finding(params = {}) ⇒ Types::GetFindingResponse
Retrieves information about the specified finding. GetFinding and GetFindingV2 both use ‘access-analyzer:GetFinding` in the `Action` element of an IAM policy statement. You must have permission to perform the `access-analyzer:GetFinding` action.
1485 1486 1487 1488 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1485 def get_finding(params = {}, = {}) req = build_request(:get_finding, params) req.send_request() end |
#get_finding_recommendation(params = {}) ⇒ Types::GetFindingRecommendationResponse
Retrieves information about a finding recommendation for the specified analyzer.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1630 1631 1632 1633 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1630 def get_finding_recommendation(params = {}, = {}) req = build_request(:get_finding_recommendation, params) req.send_request() end |
#get_finding_v2(params = {}) ⇒ Types::GetFindingV2Response
Retrieves information about the specified finding. GetFinding and GetFindingV2 both use ‘access-analyzer:GetFinding` in the `Action` element of an IAM policy statement. You must have permission to perform the `access-analyzer:GetFinding` action.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1722 1723 1724 1725 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1722 def get_finding_v2(params = {}, = {}) req = build_request(:get_finding_v2, params) req.send_request() end |
#get_generated_policy(params = {}) ⇒ Types::GetGeneratedPolicyResponse
Retrieves the policy that was generated using ‘StartPolicyGeneration`.
1789 1790 1791 1792 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1789 def get_generated_policy(params = {}, = {}) req = build_request(:get_generated_policy, params) req.send_request() end |
#list_access_preview_findings(params = {}) ⇒ Types::ListAccessPreviewFindingsResponse
Retrieves a list of access preview findings generated by the specified access preview.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1871 1872 1873 1874 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1871 def list_access_preview_findings(params = {}, = {}) req = build_request(:list_access_preview_findings, params) req.send_request() end |
#list_access_previews(params = {}) ⇒ Types::ListAccessPreviewsResponse
Retrieves a list of access previews for the specified analyzer.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1920 1921 1922 1923 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1920 def list_access_previews(params = {}, = {}) req = build_request(:list_access_previews, params) req.send_request() end |
#list_analyzed_resources(params = {}) ⇒ Types::ListAnalyzedResourcesResponse
Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1973 1974 1975 1976 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 1973 def list_analyzed_resources(params = {}, = {}) req = build_request(:list_analyzed_resources, params) req.send_request() end |
#list_analyzers(params = {}) ⇒ Types::ListAnalyzersResponse
Retrieves a list of analyzers.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2030 2031 2032 2033 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2030 def list_analyzers(params = {}, = {}) req = build_request(:list_analyzers, params) req.send_request() end |
#list_archive_rules(params = {}) ⇒ Types::ListArchiveRulesResponse
Retrieves a list of archive rules created for the specified analyzer.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2081 2082 2083 2084 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2081 def list_archive_rules(params = {}, = {}) req = build_request(:list_archive_rules, params) req.send_request() end |
#list_findings(params = {}) ⇒ Types::ListFindingsResponse
Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use ‘access-analyzer:ListFindings` in the `Action` element of an IAM policy statement. You must have permission to perform the `access-analyzer:ListFindings` action.
To learn about filter keys that you can use to retrieve a list of findings, see [IAM Access Analyzer filter keys] in the **IAM User Guide**.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2176 2177 2178 2179 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2176 def list_findings(params = {}, = {}) req = build_request(:list_findings, params) req.send_request() end |
#list_findings_v2(params = {}) ⇒ Types::ListFindingsV2Response
Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use ‘access-analyzer:ListFindings` in the `Action` element of an IAM policy statement. You must have permission to perform the `access-analyzer:ListFindings` action.
To learn about filter keys that you can use to retrieve a list of findings, see [IAM Access Analyzer filter keys] in the **IAM User Guide**.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2260 2261 2262 2263 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2260 def list_findings_v2(params = {}, = {}) req = build_request(:list_findings_v2, params) req.send_request() end |
#list_policy_generations(params = {}) ⇒ Types::ListPolicyGenerationsResponse
Lists all of the policy generations requested in the last seven days.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2307 2308 2309 2310 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2307 def list_policy_generations(params = {}, = {}) req = build_request(:list_policy_generations, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Retrieves a list of tags applied to the specified resource.
2336 2337 2338 2339 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2336 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#start_policy_generation(params = {}) ⇒ Types::StartPolicyGenerationResponse
Starts the policy generation request.
2398 2399 2400 2401 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2398 def start_policy_generation(params = {}, = {}) req = build_request(:start_policy_generation, params) req.send_request() end |
#start_resource_scan(params = {}) ⇒ Struct
Immediately starts a scan of the policies applied to the specified resource.
2436 2437 2438 2439 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2436 def start_resource_scan(params = {}, = {}) req = build_request(:start_resource_scan, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Adds a tag to the specified resource.
2464 2465 2466 2467 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2464 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Removes a tag from the specified resource.
2490 2491 2492 2493 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2490 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_analyzer(params = {}) ⇒ Types::UpdateAnalyzerResponse
Modifies the configuration of an existing analyzer.
2545 2546 2547 2548 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2545 def update_analyzer(params = {}, = {}) req = build_request(:update_analyzer, params) req.send_request() end |
#update_archive_rule(params = {}) ⇒ Struct
Updates the criteria and values for the specified archive rule.
2590 2591 2592 2593 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2590 def update_archive_rule(params = {}, = {}) req = build_request(:update_archive_rule, params) req.send_request() end |
#update_findings(params = {}) ⇒ Struct
Updates the status for the specified findings.
2637 2638 2639 2640 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2637 def update_findings(params = {}, = {}) req = build_request(:update_findings, params) req.send_request() end |
#validate_policy(params = {}) ⇒ Types::ValidatePolicyResponse
Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2731 2732 2733 2734 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2731 def validate_policy(params = {}, = {}) req = build_request(:validate_policy, params) req.send_request() end |
#waiter_names ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
2760 2761 2762 |
# File 'lib/aws-sdk-accessanalyzer/client.rb', line 2760 def waiter_names [] end |