AWS Native

Pulumi Official
Package maintained by Pulumi
v0.19.0 published on Wednesday, Jun 8, 2022 by Pulumi

Analyzer

The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user’s account

Example Usage

Example

using Pulumi;
using AwsNative = Pulumi.AwsNative;

class MyStack : Stack
{
    public MyStack()
    {
        var analyzer = new AwsNative.AccessAnalyzer.Analyzer("analyzer", new AwsNative.AccessAnalyzer.AnalyzerArgs
        {
            AnalyzerName = "DevAccountAnalyzer",
            ArchiveRules = 
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
                {
                    Filter = 
                    {
                        new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                        {
                            Eq = 
                            {
                                "123456789012",
                            },
                            Property = "principal.AWS",
                        },
                    },
                    RuleName = "ArchiveTrustedAccountAccess",
                },
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
                {
                    Filter = 
                    {
                        new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                        {
                            Contains = 
                            {
                                "arn:aws:s3:::docs-bucket",
                                "arn:aws:s3:::clients-bucket",
                            },
                            Property = "resource",
                        },
                    },
                    RuleName = "ArchivePublicS3BucketsAccess",
                },
            },
            Tags = 
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerTagArgs
                {
                    Key = "Kind",
                    Value = "Dev",
                },
            },
            Type = "ACCOUNT",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/accessanalyzer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := accessanalyzer.NewAnalyzer(ctx, "analyzer", &accessanalyzer.AnalyzerArgs{
			AnalyzerName: pulumi.String("DevAccountAnalyzer"),
			ArchiveRules: []accessanalyzer.AnalyzerArchiveRuleArgs{
				&accessanalyzer.AnalyzerArchiveRuleArgs{
					Filter: []accessanalyzer.AnalyzerFilterArgs{
						&accessanalyzer.AnalyzerFilterArgs{
							Eq: pulumi.StringArray{
								pulumi.String("123456789012"),
							},
							Property: pulumi.String("principal.AWS"),
						},
					},
					RuleName: pulumi.String("ArchiveTrustedAccountAccess"),
				},
				&accessanalyzer.AnalyzerArchiveRuleArgs{
					Filter: []accessanalyzer.AnalyzerFilterArgs{
						&accessanalyzer.AnalyzerFilterArgs{
							Contains: pulumi.StringArray{
								pulumi.String("arn:aws:s3:::docs-bucket"),
								pulumi.String("arn:aws:s3:::clients-bucket"),
							},
							Property: pulumi.String("resource"),
						},
					},
					RuleName: pulumi.String("ArchivePublicS3BucketsAccess"),
				},
			},
			Tags: []accessanalyzer.AnalyzerTagArgs{
				&accessanalyzer.AnalyzerTagArgs{
					Key:   pulumi.String("Kind"),
					Value: pulumi.String("Dev"),
				},
			},
			Type: pulumi.String("ACCOUNT"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

analyzer = aws_native.accessanalyzer.Analyzer("analyzer",
    analyzer_name="DevAccountAnalyzer",
    archive_rules=[
        aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
            filter=[aws_native.accessanalyzer.AnalyzerFilterArgs(
                eq=["123456789012"],
                property="principal.AWS",
            )],
            rule_name="ArchiveTrustedAccountAccess",
        ),
        aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
            filter=[aws_native.accessanalyzer.AnalyzerFilterArgs(
                contains=[
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
                property="resource",
            )],
            rule_name="ArchivePublicS3BucketsAccess",
        ),
    ],
    tags=[aws_native.accessanalyzer.AnalyzerTagArgs(
        key="Kind",
        value="Dev",
    )],
    type="ACCOUNT")
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const analyzer = new aws_native.accessanalyzer.Analyzer("analyzer", {
    analyzerName: "DevAccountAnalyzer",
    archiveRules: [
        {
            filter: [{
                eq: ["123456789012"],
                property: "principal.AWS",
            }],
            ruleName: "ArchiveTrustedAccountAccess",
        },
        {
            filter: [{
                contains: [
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
                property: "resource",
            }],
            ruleName: "ArchivePublicS3BucketsAccess",
        },
    ],
    tags: [{
        key: "Kind",
        value: "Dev",
    }],
    type: "ACCOUNT",
});

Coming soon!

Example

using Pulumi;
using AwsNative = Pulumi.AwsNative;

class MyStack : Stack
{
    public MyStack()
    {
        var analyzer = new AwsNative.AccessAnalyzer.Analyzer("analyzer", new AwsNative.AccessAnalyzer.AnalyzerArgs
        {
            AnalyzerName = "MyAccountAnalyzer",
            Type = "ACCOUNT",
            Tags = 
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerTagArgs
                {
                    Key = "Kind",
                    Value = "Dev",
                },
            },
            ArchiveRules = 
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
                {
                    RuleName = "ArchiveTrustedAccountAccess",
                    Filter = 
                    {
                        new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                        {
                            Property = "principal.AWS",
                            Eq = 
                            {
                                "123456789012",
                            },
                        },
                    },
                },
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
                {
                    RuleName = "ArchivePublicS3BucketsAccess",
                    Filter = 
                    {
                        new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                        {
                            Property = "resource",
                            Contains = 
                            {
                                "arn:aws:s3:::docs-bucket",
                                "arn:aws:s3:::clients-bucket",
                            },
                        },
                    },
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/accessanalyzer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := accessanalyzer.NewAnalyzer(ctx, "analyzer", &accessanalyzer.AnalyzerArgs{
			AnalyzerName: pulumi.String("MyAccountAnalyzer"),
			Type:         pulumi.String("ACCOUNT"),
			Tags: []accessanalyzer.AnalyzerTagArgs{
				&accessanalyzer.AnalyzerTagArgs{
					Key:   pulumi.String("Kind"),
					Value: pulumi.String("Dev"),
				},
			},
			ArchiveRules: []accessanalyzer.AnalyzerArchiveRuleArgs{
				&accessanalyzer.AnalyzerArchiveRuleArgs{
					RuleName: pulumi.String("ArchiveTrustedAccountAccess"),
					Filter: []accessanalyzer.AnalyzerFilterArgs{
						&accessanalyzer.AnalyzerFilterArgs{
							Property: pulumi.String("principal.AWS"),
							Eq: pulumi.StringArray{
								pulumi.String("123456789012"),
							},
						},
					},
				},
				&accessanalyzer.AnalyzerArchiveRuleArgs{
					RuleName: pulumi.String("ArchivePublicS3BucketsAccess"),
					Filter: []accessanalyzer.AnalyzerFilterArgs{
						&accessanalyzer.AnalyzerFilterArgs{
							Property: pulumi.String("resource"),
							Contains: pulumi.StringArray{
								pulumi.String("arn:aws:s3:::docs-bucket"),
								pulumi.String("arn:aws:s3:::clients-bucket"),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

analyzer = aws_native.accessanalyzer.Analyzer("analyzer",
    analyzer_name="MyAccountAnalyzer",
    type="ACCOUNT",
    tags=[aws_native.accessanalyzer.AnalyzerTagArgs(
        key="Kind",
        value="Dev",
    )],
    archive_rules=[
        aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
            rule_name="ArchiveTrustedAccountAccess",
            filter=[aws_native.accessanalyzer.AnalyzerFilterArgs(
                property="principal.AWS",
                eq=["123456789012"],
            )],
        ),
        aws_native.accessanalyzer.AnalyzerArchiveRuleArgs(
            rule_name="ArchivePublicS3BucketsAccess",
            filter=[aws_native.accessanalyzer.AnalyzerFilterArgs(
                property="resource",
                contains=[
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
            )],
        ),
    ])
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const analyzer = new aws_native.accessanalyzer.Analyzer("analyzer", {
    analyzerName: "MyAccountAnalyzer",
    type: "ACCOUNT",
    tags: [{
        key: "Kind",
        value: "Dev",
    }],
    archiveRules: [
        {
            ruleName: "ArchiveTrustedAccountAccess",
            filter: [{
                property: "principal.AWS",
                eq: ["123456789012"],
            }],
        },
        {
            ruleName: "ArchivePublicS3BucketsAccess",
            filter: [{
                property: "resource",
                contains: [
                    "arn:aws:s3:::docs-bucket",
                    "arn:aws:s3:::clients-bucket",
                ],
            }],
        },
    ],
});

Coming soon!

Create a Analyzer Resource

new Analyzer(name: string, args: AnalyzerArgs, opts?: CustomResourceOptions);
@overload
def Analyzer(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             analyzer_name: Optional[str] = None,
             archive_rules: Optional[Sequence[AnalyzerArchiveRuleArgs]] = None,
             tags: Optional[Sequence[AnalyzerTagArgs]] = None,
             type: Optional[str] = None)
@overload
def Analyzer(resource_name: str,
             args: AnalyzerArgs,
             opts: Optional[ResourceOptions] = None)
func NewAnalyzer(ctx *Context, name string, args AnalyzerArgs, opts ...ResourceOption) (*Analyzer, error)
public Analyzer(string name, AnalyzerArgs args, CustomResourceOptions? opts = null)
public Analyzer(String name, AnalyzerArgs args)
public Analyzer(String name, AnalyzerArgs args, CustomResourceOptions options)
type: aws-native:accessanalyzer:Analyzer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AnalyzerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AnalyzerArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AnalyzerArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AnalyzerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AnalyzerArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Analyzer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Analyzer resource accepts the following input properties:

Type string

The type of the analyzer, must be ACCOUNT or ORGANIZATION

AnalyzerName string

Analyzer name

ArchiveRules List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs>
Tags List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerTagArgs>

An array of key-value pairs to apply to this resource.

Type string

The type of the analyzer, must be ACCOUNT or ORGANIZATION

AnalyzerName string

Analyzer name

ArchiveRules []AnalyzerArchiveRuleArgs
Tags []AnalyzerTagArgs

An array of key-value pairs to apply to this resource.

type String

The type of the analyzer, must be ACCOUNT or ORGANIZATION

analyzerName String

Analyzer name

archiveRules List<AnalyzerArchiveRuleArgs>
tags List<AnalyzerTagArgs>

An array of key-value pairs to apply to this resource.

type string

The type of the analyzer, must be ACCOUNT or ORGANIZATION

analyzerName string

Analyzer name

archiveRules AnalyzerArchiveRuleArgs[]
tags AnalyzerTagArgs[]

An array of key-value pairs to apply to this resource.

type str

The type of the analyzer, must be ACCOUNT or ORGANIZATION

analyzer_name str

Analyzer name

archive_rules Sequence[AnalyzerArchiveRuleArgs]
tags Sequence[AnalyzerTagArgs]

An array of key-value pairs to apply to this resource.

type String

The type of the analyzer, must be ACCOUNT or ORGANIZATION

analyzerName String

Analyzer name

archiveRules List<Property Map>
tags List<Property Map>

An array of key-value pairs to apply to this resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Analyzer resource produces the following output properties:

Arn string

Amazon Resource Name (ARN) of the analyzer

Id string

The provider-assigned unique ID for this managed resource.

Arn string

Amazon Resource Name (ARN) of the analyzer

Id string

The provider-assigned unique ID for this managed resource.

arn String

Amazon Resource Name (ARN) of the analyzer

id String

The provider-assigned unique ID for this managed resource.

arn string

Amazon Resource Name (ARN) of the analyzer

id string

The provider-assigned unique ID for this managed resource.

arn str

Amazon Resource Name (ARN) of the analyzer

id str

The provider-assigned unique ID for this managed resource.

arn String

Amazon Resource Name (ARN) of the analyzer

id String

The provider-assigned unique ID for this managed resource.

Supporting Types

AnalyzerArchiveRule

Filter []AnalyzerFilter
RuleName string

The archive rule name

filter List<AnalyzerFilter>
ruleName String

The archive rule name

filter AnalyzerFilter[]
ruleName string

The archive rule name

filter Sequence[AnalyzerFilter]
rule_name str

The archive rule name

filter List<Property Map>
ruleName String

The archive rule name

AnalyzerFilter

Property string
Contains List<string>
Eq List<string>
Exists bool
Neq List<string>
Property string
Contains []string
Eq []string
Exists bool
Neq []string
property String
contains List<String>
eq List<String>
exists Boolean
neq List<String>
property string
contains string[]
eq string[]
exists boolean
neq string[]
property str
contains Sequence[str]
eq Sequence[str]
exists bool
neq Sequence[str]
property String
contains List<String>
eq List<String>
exists Boolean
neq List<String>

AnalyzerTag

Key string

The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Value string

The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Key string

The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Value string

The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key String

The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value String

The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key string

The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value string

The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key str

The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value str

The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key String

The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value String

The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Package Details

Repository
https://github.com/pulumi/pulumi-aws-native
License
Apache-2.0