
AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.100.0 published on Wednesday, Mar 27, 2024 by Pulumi

aws-native.accessanalyzer.Analyzer


    The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user’s account

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() =>
    {
        // Archive rule whose filter matches findings where principal.AWS equals the listed account ID.
        // NOTE(review): archive rules take matching findings out of the active list, so keep the
        // account list short and reviewed; 123456789012 looks like the documentation sample ID.
        var trustedAccountRule = new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
        {
            RuleName = "ArchiveTrustedAccountAccess",
            Filter = new[]
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                {
                    Property = "principal.AWS",
                    Eq = new[]
                    {
                        "123456789012",
                    },
                },
            },
        };

        // Archive rule whose filter matches findings on the two listed bucket ARNs.
        // NOTE(review): the filter constrains only `resource`; despite the rule name, nothing here
        // limits the match to public-access findings. Contains presumably matches substrings, so
        // longer bucket names sharing these prefixes may match too - confirm, or use Eq.
        var publicBucketsRule = new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
        {
            RuleName = "ArchivePublicS3BucketsAccess",
            Filter = new[]
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                {
                    Property = "resource",
                    Contains = new[]
                    {
                        "arn:aws:s3:::docs-bucket",
                        "arn:aws:s3:::clients-bucket",
                    },
                },
            },
        };

        // Single tag applied to the analyzer resource.
        var kindTag = new AwsNative.Inputs.TagArgs
        {
            Key = "Kind",
            Value = "Dev",
        };

        // Account-scoped analyzer carrying both archive rules and the tag above.
        var analyzer = new AwsNative.AccessAnalyzer.Analyzer("analyzer", new()
        {
            AnalyzerName = "DevAccountAnalyzer",
            Type = "ACCOUNT",
            ArchiveRules = new[]
            {
                trustedAccountRule,
                publicBucketsRule,
            },
            Tags = new[]
            {
                kindTag,
            },
        });

    });
    
    package main
    
    import (
    	awsnative "github.com/pulumi/pulumi-aws-native/sdk/go/aws"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/accessanalyzer"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
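    // main runs a Pulumi program that declares one Access Analyzer analyzer,
    // "DevAccountAnalyzer", of type ACCOUNT with two archive rules and a Kind=Dev tag.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := accessanalyzer.NewAnalyzer(ctx, "analyzer", &accessanalyzer.AnalyzerArgs{
    			AnalyzerName: pulumi.String("DevAccountAnalyzer"),
    			ArchiveRules: accessanalyzer.AnalyzerArchiveRuleArray{
    				// Matches findings where principal.AWS equals the listed account ID.
    				// NOTE(review): archive rules take matching findings out of the active
    				// list, so keep the account list short and reviewed; 123456789012
    				// looks like the documentation sample ID.
    				&accessanalyzer.AnalyzerArchiveRuleArgs{
    					Filter: []accessanalyzer.AnalyzerFilterArgs{
    						{
    							Eq: pulumi.StringArray{
    								pulumi.String("123456789012"),
    							},
    							Property: pulumi.String("principal.AWS"),
    						},
    					},
    					RuleName: pulumi.String("ArchiveTrustedAccountAccess"),
    				},
    				// Matches findings on the two listed bucket ARNs.
    				// NOTE(review): the filter constrains only `resource`; despite the rule
    				// name, nothing here limits the match to public-access findings.
    				// Contains presumably matches substrings, so longer bucket names sharing
    				// these prefixes may match too - confirm, or use Eq.
    				&accessanalyzer.AnalyzerArchiveRuleArgs{
    					Filter: []accessanalyzer.AnalyzerFilterArgs{
    						{
    							Contains: pulumi.StringArray{
    								pulumi.String("arn:aws:s3:::docs-bucket"),
    								pulumi.String("arn:aws:s3:::clients-bucket"),
    							},
    							Property: pulumi.String("resource"),
    						},
    					},
    					RuleName: pulumi.String("ArchivePublicS3BucketsAccess"),
    				},
    			},
    			// The root package is imported under the alias awsnative, so the tag
    			// types must be qualified with that alias; a bare `aws` is undefined here.
    			Tags: awsnative.TagArray{
    				&awsnative.TagArgs{
    					Key:   pulumi.String("Kind"),
    					Value: pulumi.String("Dev"),
    				},
    			},
    			Type: pulumi.String("ACCOUNT"),
    		})
    		// err is nil on success, so returning it directly covers both outcomes.
    		return err
    	})
    }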
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    # Archive rule whose filter matches findings where principal.AWS equals the listed account ID.
    # NOTE(review): archive rules take matching findings out of the active list, so keep the
    # account list short and reviewed; 123456789012 looks like the documentation sample ID.
    trusted_account_rule = aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
        rule_name="ArchiveTrustedAccountAccess",
        filter=[
            aws_native.accessanalyzer.AnalyzerFilterArgs(
                property="principal.AWS",
                eq=["123456789012"],
            ),
        ],
    )

    # Archive rule whose filter matches findings on the two listed bucket ARNs.
    # NOTE(review): the filter constrains only `resource`; despite the rule name, nothing here
    # limits the match to public-access findings. `contains` presumably matches substrings, so
    # longer bucket names sharing these prefixes may match too - confirm, or use `eq`.
    public_buckets_rule = aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
        rule_name="ArchivePublicS3BucketsAccess",
        filter=[
            aws_native.accessanalyzer.AnalyzerFilterArgs(
                property="resource",
                contains=[
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
            ),
        ],
    )

    # Single tag applied to the analyzer resource.
    kind_tag = aws_native.TagArgs(key="Kind", value="Dev")

    # Account-scoped analyzer carrying both archive rules and the tag above.
    analyzer = aws_native.accessanalyzer.Analyzer(
        "analyzer",
        analyzer_name="DevAccountAnalyzer",
        type="ACCOUNT",
        archive_rules=[trusted_account_rule, public_buckets_rule],
        tags=[kind_tag],
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    // Archive rule whose filter matches findings where principal.AWS equals the listed account ID.
    // NOTE(review): archive rules take matching findings out of the active list, so keep the
    // account list short and reviewed; 123456789012 looks like the documentation sample ID.
    const trustedAccountRule = {
        ruleName: "ArchiveTrustedAccountAccess",
        filter: [
            {
                property: "principal.AWS",
                eq: ["123456789012"],
            },
        ],
    };

    // Archive rule whose filter matches findings on the two listed bucket ARNs.
    // NOTE(review): the filter constrains only `resource`; despite the rule name, nothing here
    // limits the match to public-access findings. `contains` presumably matches substrings, so
    // longer bucket names sharing these prefixes may match too - confirm, or use `eq`.
    const publicBucketsRule = {
        ruleName: "ArchivePublicS3BucketsAccess",
        filter: [
            {
                property: "resource",
                contains: [
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
            },
        ],
    };

    // Single tag applied to the analyzer resource.
    const kindTag = { key: "Kind", value: "Dev" };

    // Account-scoped analyzer carrying both archive rules and the tag above.
    const analyzer = new aws_native.accessanalyzer.Analyzer("analyzer", {
        analyzerName: "DevAccountAnalyzer",
        type: "ACCOUNT",
        archiveRules: [trustedAccountRule, publicBucketsRule],
        tags: [kindTag],
    });
    

    Coming soon!

    Create Analyzer Resource

    new Analyzer(name: string, args: AnalyzerArgs, opts?: CustomResourceOptions);
    @overload
    def Analyzer(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 analyzer_configuration: Optional[AnalyzerConfigurationPropertiesArgs] = None,
                 analyzer_name: Optional[str] = None,
                 archive_rules: Optional[Sequence[AnalyzerArchiveRuleArgs]] = None,
                 tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                 type: Optional[str] = None)
    @overload
    def Analyzer(resource_name: str,
                 args: AnalyzerArgs,
                 opts: Optional[ResourceOptions] = None)
    func NewAnalyzer(ctx *Context, name string, args AnalyzerArgs, opts ...ResourceOption) (*Analyzer, error)
    public Analyzer(string name, AnalyzerArgs args, CustomResourceOptions? opts = null)
    public Analyzer(String name, AnalyzerArgs args)
    public Analyzer(String name, AnalyzerArgs args, CustomResourceOptions options)
    
    type: aws-native:accessanalyzer:Analyzer
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Analyzer Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Analyzer resource accepts the following input properties:

    Type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    AnalyzerConfiguration Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerConfigurationProperties
    The configuration for the analyzer
    AnalyzerName string
    Analyzer name
    ArchiveRules List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRule>
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    An array of key-value pairs to apply to this resource.
    Type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    AnalyzerConfiguration AnalyzerConfigurationPropertiesArgs
    The configuration for the analyzer
    AnalyzerName string
    Analyzer name
    ArchiveRules []AnalyzerArchiveRuleArgs
    Tags TagArgs
    An array of key-value pairs to apply to this resource.
    type String
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    analyzerName String
    Analyzer name
    archiveRules List<AnalyzerArchiveRule>
    tags List<Tag>
    An array of key-value pairs to apply to this resource.
    type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    analyzerName string
    Analyzer name
    archiveRules AnalyzerArchiveRule[]
    tags Tag[]
    An array of key-value pairs to apply to this resource.
    type str
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzer_configuration AnalyzerConfigurationPropertiesArgs
    The configuration for the analyzer
    analyzer_name str
    Analyzer name
    archive_rules Sequence[AnalyzerArchiveRuleArgs]
    tags Sequence[TagArgs]
    An array of key-value pairs to apply to this resource.
    type String
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration Property Map
    The configuration for the analyzer
    analyzerName String
    Analyzer name
    archiveRules List<Property Map>
    tags List<Property Map>
    An array of key-value pairs to apply to this resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Analyzer resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    Amazon Resource Name (ARN) of the analyzer
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    Amazon Resource Name (ARN) of the analyzer
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    AnalyzerArchiveRule, AnalyzerArchiveRuleArgs

    Filter []AnalyzerFilter
    RuleName string
    The archive rule name
    filter List<AnalyzerFilter>
    ruleName String
    The archive rule name
    filter AnalyzerFilter[]
    ruleName string
    The archive rule name
    filter Sequence[AnalyzerFilter]
    rule_name str
    The archive rule name
    filter List<Property Map>
    ruleName String
    The archive rule name

    AnalyzerConfigurationProperties, AnalyzerConfigurationPropertiesArgs

    AnalyzerFilter, AnalyzerFilterArgs

    Property string
    Contains List<string>
    Eq List<string>
    Exists bool
    Neq List<string>
    Property string
    Contains []string
    Eq []string
    Exists bool
    Neq []string
    property String
    contains List<String>
    eq List<String>
    exists Boolean
    neq List<String>
    property string
    contains string[]
    eq string[]
    exists boolean
    neq string[]
    property str
    contains Sequence[str]
    eq Sequence[str]
    exists bool
    neq Sequence[str]
    property String
    contains List<String>
    eq List<String>
    exists Boolean
    neq List<String>

    AnalyzerUnusedAccessConfiguration, AnalyzerUnusedAccessConfigurationArgs

    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unusedAccessAge Integer
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unusedAccessAge number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unused_access_age int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unusedAccessAge Number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0