
AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

aws-native.accessanalyzer.Analyzer


    The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user’s account

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() =>
    {
        // Archive rule 1: findings whose principal is this AWS account are archived
        // automatically. 123456789012 is a sample account ID; list only accounts you
        // actually trust, because matching findings are archived without review.
        var trustedAccountRule = new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
        {
            RuleName = "ArchiveTrustedAccountAccess",
            Filter = new[]
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                {
                    Property = "principal.AWS",
                    Eq = new[] { "123456789012" },
                },
            },
        };

        // Archive rule 2: the filter looks at the resource ARN only, so every finding
        // for these two buckets is archived, whatever kind of access it reports.
        // NOTE(review): confirm how "contains" matches; if it is a substring match,
        // other buckets whose ARN contains these values are covered as well.
        var bucketRule = new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
        {
            RuleName = "ArchivePublicS3BucketsAccess",
            Filter = new[]
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                {
                    Property = "resource",
                    Contains = new[]
                    {
                        "arn:aws:s3:::docs-bucket",
                        "arn:aws:s3:::clients-bucket",
                    },
                },
            },
        };

        // Account-scoped analyzer carrying both archive rules and a single tag.
        var analyzer = new AwsNative.AccessAnalyzer.Analyzer("analyzer", new()
        {
            Type = "ACCOUNT",
            AnalyzerName = "DevAccountAnalyzer",
            ArchiveRules = new[] { trustedAccountRule, bucketRule },
            Tags = new[]
            {
                new AwsNative.Inputs.TagArgs { Key = "Kind", Value = "Dev" },
            },
        });

    });
    
    package main
    
    import (
    	awsnative "github.com/pulumi/pulumi-aws-native/sdk/go/aws"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/accessanalyzer"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
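    // main declares one account-scoped IAM Access Analyzer named
    // "DevAccountAnalyzer" with two archive rules and a single tag.
    //
    // Archive rules archive matching findings automatically, so each filter
    // below decides which findings nobody will be asked to review.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := accessanalyzer.NewAnalyzer(ctx, "analyzer", &accessanalyzer.AnalyzerArgs{
    			AnalyzerName: pulumi.String("DevAccountAnalyzer"),
    			ArchiveRules: accessanalyzer.AnalyzerArchiveRuleArray{
    				// Rule 1: archive findings whose principal is this AWS account.
    				// 123456789012 is a sample account ID; list only accounts you
    				// actually trust.
    				&accessanalyzer.AnalyzerArchiveRuleArgs{
    					Filter: []accessanalyzer.AnalyzerFilterArgs{
    						{
    							Eq: pulumi.StringArray{
    								pulumi.String("123456789012"),
    							},
    							Property: pulumi.String("principal.AWS"),
    						},
    					},
    					RuleName: pulumi.String("ArchiveTrustedAccountAccess"),
    				},
    				// Rule 2: the filter looks at the resource ARN only, so every
    				// finding for these two buckets is archived, whatever kind of
    				// access it reports.
    				// NOTE(review): confirm how "contains" matches; if it is a
    				// substring match, other buckets whose ARN contains these
    				// values are covered as well.
    				&accessanalyzer.AnalyzerArchiveRuleArgs{
    					Filter: []accessanalyzer.AnalyzerFilterArgs{
    						{
    							Contains: pulumi.StringArray{
    								pulumi.String("arn:aws:s3:::docs-bucket"),
    								pulumi.String("arn:aws:s3:::clients-bucket"),
    							},
    							Property: pulumi.String("resource"),
    						},
    					},
    					RuleName: pulumi.String("ArchivePublicS3BucketsAccess"),
    				},
    			},
    			// The root package is imported under the alias awsnative, so the
    			// tag types must be referenced through that alias; the bare
    			// package name aws is not in scope in this file.
    			Tags: awsnative.TagArray{
    				&awsnative.TagArgs{
    					Key:   pulumi.String("Kind"),
    					Value: pulumi.String("Dev"),
    				},
    			},
    			Type: pulumi.String("ACCOUNT"),
    		})
    		// err is nil on success, so it can be returned directly.
    		return err
    	})
    }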
    


    import pulumi
    import pulumi_aws_native as aws_native
    
    # Archive rule 1: findings whose principal is this AWS account are archived
    # automatically. 123456789012 is a sample account ID; list only accounts you
    # actually trust, because matching findings are archived without review.
    trusted_account_rule = aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
        rule_name="ArchiveTrustedAccountAccess",
        filter=[
            aws_native.accessanalyzer.AnalyzerFilterArgs(
                property="principal.AWS",
                eq=["123456789012"],
            ),
        ],
    )

    # Archive rule 2: the filter looks at the resource ARN only, so every finding
    # for these two buckets is archived, whatever kind of access it reports.
    # NOTE(review): confirm how "contains" matches; if it is a substring match,
    # other buckets whose ARN contains these values are covered as well.
    bucket_rule = aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
        rule_name="ArchivePublicS3BucketsAccess",
        filter=[
            aws_native.accessanalyzer.AnalyzerFilterArgs(
                property="resource",
                contains=[
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
            ),
        ],
    )

    # Account-scoped analyzer carrying both archive rules and a single tag.
    analyzer = aws_native.accessanalyzer.Analyzer(
        "analyzer",
        type="ACCOUNT",
        analyzer_name="DevAccountAnalyzer",
        archive_rules=[trusted_account_rule, bucket_rule],
        tags=[aws_native.TagArgs(key="Kind", value="Dev")],
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    // Archive rule 1: findings whose principal is this AWS account are archived
    // automatically. 123456789012 is a sample account ID; list only accounts you
    // actually trust, because matching findings are archived without review.
    const trustedAccountRule = {
        ruleName: "ArchiveTrustedAccountAccess",
        filter: [
            {
                property: "principal.AWS",
                eq: ["123456789012"],
            },
        ],
    };

    // Archive rule 2: the filter looks at the resource ARN only, so every finding
    // for these two buckets is archived, whatever kind of access it reports.
    // NOTE(review): confirm how "contains" matches; if it is a substring match,
    // other buckets whose ARN contains these values are covered as well.
    const bucketRule = {
        ruleName: "ArchivePublicS3BucketsAccess",
        filter: [
            {
                property: "resource",
                contains: [
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
            },
        ],
    };

    // Account-scoped analyzer carrying both archive rules and a single tag.
    const analyzer = new aws_native.accessanalyzer.Analyzer("analyzer", {
        type: "ACCOUNT",
        analyzerName: "DevAccountAnalyzer",
        archiveRules: [trustedAccountRule, bucketRule],
        tags: [{ key: "Kind", value: "Dev" }],
    });
    


    Create Analyzer Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Analyzer(name: string, args: AnalyzerArgs, opts?: CustomResourceOptions);
    @overload
    def Analyzer(resource_name: str,
                 args: AnalyzerArgs,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Analyzer(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 type: Optional[str] = None,
                 analyzer_configuration: Optional[AnalyzerConfigurationPropertiesArgs] = None,
                 analyzer_name: Optional[str] = None,
                 archive_rules: Optional[Sequence[AnalyzerArchiveRuleArgs]] = None,
                 tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
    func NewAnalyzer(ctx *Context, name string, args AnalyzerArgs, opts ...ResourceOption) (*Analyzer, error)
    public Analyzer(string name, AnalyzerArgs args, CustomResourceOptions? opts = null)
    public Analyzer(String name, AnalyzerArgs args)
    public Analyzer(String name, AnalyzerArgs args, CustomResourceOptions options)
    
    type: aws-native:accessanalyzer:Analyzer
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    
    // Reference skeleton listing every input property of the Analyzer resource.
    // All values are type placeholders, not usable settings.
    const analyzerResource = new aws_native.accessanalyzer.Analyzer("analyzerResource", {
        // Must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or
        // ORGANIZATION_UNUSED_ACCESS.
        type: "string",
        analyzerConfiguration: {
            unusedAccessConfiguration: {
                // Placeholder only: the property reference on this page gives the
                // valid range as 1 to 180 days.
                unusedAccessAge: 0,
            },
        },
        analyzerName: "string",
        // Findings that meet a rule's filter criteria are archived automatically.
        archiveRules: [{
            filter: [{
                // Finding property the conditions below are evaluated against.
                property: "string",
                contains: ["string"],
                eq: ["string"],
                exists: false,
                neq: ["string"],
            }],
            ruleName: "string",
        }],
        tags: [{
            key: "string",
            value: "string",
        }],
    });
    
    

    Analyzer Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Analyzer resource accepts the following input properties:

    Type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    AnalyzerConfiguration Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerConfigurationProperties
    The configuration for the analyzer
    AnalyzerName string
    Analyzer name
    ArchiveRules List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRule>
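    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule. Because matching findings are archived without review, keep each rule's filter as narrow as the intended exception.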
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    An array of key-value pairs to apply to this resource.
    Type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    AnalyzerConfiguration AnalyzerConfigurationPropertiesArgs
    The configuration for the analyzer
    AnalyzerName string
    Analyzer name
    ArchiveRules []AnalyzerArchiveRuleArgs
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    Tags TagArgs
    An array of key-value pairs to apply to this resource.
    type String
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    analyzerName String
    Analyzer name
    archiveRules List<AnalyzerArchiveRule>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags List<Tag>
    An array of key-value pairs to apply to this resource.
    type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    analyzerName string
    Analyzer name
    archiveRules AnalyzerArchiveRule[]
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags Tag[]
    An array of key-value pairs to apply to this resource.
    type str
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzer_configuration AnalyzerConfigurationPropertiesArgs
    The configuration for the analyzer
    analyzer_name str
    Analyzer name
    archive_rules Sequence[AnalyzerArchiveRuleArgs]
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags Sequence[TagArgs]
    An array of key-value pairs to apply to this resource.
    type String
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration Property Map
    The configuration for the analyzer
    analyzerName String
    Analyzer name
    archiveRules List<Property Map>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags List<Property Map>
    An array of key-value pairs to apply to this resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Analyzer resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    Amazon Resource Name (ARN) of the analyzer
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    Amazon Resource Name (ARN) of the analyzer
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    AnalyzerArchiveRule, AnalyzerArchiveRuleArgs

    Filter List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerFilter>
    The criteria for the rule.
    RuleName string
    The archive rule name
    Filter []AnalyzerFilter
    The criteria for the rule.
    RuleName string
    The archive rule name
    filter List<AnalyzerFilter>
    The criteria for the rule.
    ruleName String
    The archive rule name
    filter AnalyzerFilter[]
    The criteria for the rule.
    ruleName string
    The archive rule name
    filter Sequence[AnalyzerFilter]
    The criteria for the rule.
    rule_name str
    The archive rule name
    filter List<Property Map>
    The criteria for the rule.
    ruleName String
    The archive rule name

    AnalyzerConfigurationProperties, AnalyzerConfigurationPropertiesArgs

    UnusedAccessConfiguration Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account. External access analyzers do not support any configuration.
    UnusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account. External access analyzers do not support any configuration.
    unusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account. External access analyzers do not support any configuration.
    unusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account. External access analyzers do not support any configuration.
    unused_access_configuration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account. External access analyzers do not support any configuration.
    unusedAccessConfiguration Property Map
    Specifies the configuration of an unused access analyzer for an AWS organization or account. External access analyzers do not support any configuration.

    AnalyzerFilter, AnalyzerFilterArgs

    Property string
    The property used to define the criteria in the filter for the rule.
    Contains List<string>
    A "contains" condition to match for the rule.
    Eq List<string>
    An "equals" condition to match for the rule.
    Exists bool
    An "exists" condition to match for the rule.
    Neq List<string>
    A "not equal" condition to match for the rule.
    Property string
    The property used to define the criteria in the filter for the rule.
    Contains []string
    A "contains" condition to match for the rule.
    Eq []string
    An "equals" condition to match for the rule.
    Exists bool
    An "exists" condition to match for the rule.
    Neq []string
    A "not equal" condition to match for the rule.
    property String
    The property used to define the criteria in the filter for the rule.
    contains List<String>
    A "contains" condition to match for the rule.
    eq List<String>
    An "equals" condition to match for the rule.
    exists Boolean
    An "exists" condition to match for the rule.
    neq List<String>
    A "not equal" condition to match for the rule.
    property string
    The property used to define the criteria in the filter for the rule.
    contains string[]
    A "contains" condition to match for the rule.
    eq string[]
    An "equals" condition to match for the rule.
    exists boolean
    An "exists" condition to match for the rule.
    neq string[]
    A "not equal" condition to match for the rule.
    property str
    The property used to define the criteria in the filter for the rule.
    contains Sequence[str]
    A "contains" condition to match for the rule.
    eq Sequence[str]
    An "equals" condition to match for the rule.
    exists bool
    An "exists" condition to match for the rule.
    neq Sequence[str]
    A "not equal" condition to match for the rule.
    property String
    The property used to define the criteria in the filter for the rule.
    contains List<String>
    A "contains" condition to match for the rule.
    eq List<String>
    An "equals" condition to match for the rule.
    exists Boolean
    An "exists" condition to match for the rule.
    neq List<String>
    A "not equal" condition to match for the rule.

    AnalyzerUnusedAccessConfiguration, AnalyzerUnusedAccessConfigurationArgs

    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unusedAccessAge Integer
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unusedAccessAge number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unused_access_age int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
    unusedAccessAge Number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0