1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. accessanalyzer
  5. Analyzer

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.13.0 published on Wednesday, Dec 4, 2024 by Pulumi

aws-native.accessanalyzer.Analyzer

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.13.0 published on Wednesday, Dec 4, 2024 by Pulumi

    The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user’s account

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var analyzer = new AwsNative.AccessAnalyzer.Analyzer("analyzer", new()
        {
            AnalyzerName = "DevAccountAnalyzer",
            ArchiveRules = new[]
            {
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
                {
                    Filter = new[]
                    {
                        new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                        {
                            Eq = new[]
                            {
                                "123456789012",
                            },
                            Property = "principal.AWS",
                        },
                    },
                    RuleName = "ArchiveTrustedAccountAccess",
                },
                new AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRuleArgs
                {
                    Filter = new[]
                    {
                        new AwsNative.AccessAnalyzer.Inputs.AnalyzerFilterArgs
                        {
                            Contains = new[]
                            {
                                "arn:aws:s3:::docs-bucket",
                                "arn:aws:s3:::clients-bucket",
                            },
                            Property = "resource",
                        },
                    },
                    RuleName = "ArchivePublicS3BucketsAccess",
                },
            },
            Tags = new[]
            {
                new AwsNative.Inputs.TagArgs
                {
                    Key = "Kind",
                    Value = "Dev",
                },
            },
            Type = "ACCOUNT",
        });
    
    });
    
    package main
    
    import (
    	awsnative "github.com/pulumi/pulumi-aws-native/sdk/go/aws"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/accessanalyzer"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := accessanalyzer.NewAnalyzer(ctx, "analyzer", &accessanalyzer.AnalyzerArgs{
    			AnalyzerName: pulumi.String("DevAccountAnalyzer"),
    			ArchiveRules: accessanalyzer.AnalyzerArchiveRuleArray{
    				&accessanalyzer.AnalyzerArchiveRuleArgs{
    					Filter: accessanalyzer.AnalyzerFilterArray{
    						&accessanalyzer.AnalyzerFilterArgs{
    							Eq: pulumi.StringArray{
    								pulumi.String("123456789012"),
    							},
    							Property: pulumi.String("principal.AWS"),
    						},
    					},
    					RuleName: pulumi.String("ArchiveTrustedAccountAccess"),
    				},
    				&accessanalyzer.AnalyzerArchiveRuleArgs{
    					Filter: accessanalyzer.AnalyzerFilterArray{
    						&accessanalyzer.AnalyzerFilterArgs{
    							Contains: pulumi.StringArray{
    								pulumi.String("arn:aws:s3:::docs-bucket"),
    								pulumi.String("arn:aws:s3:::clients-bucket"),
    							},
    							Property: pulumi.String("resource"),
    						},
    					},
    					RuleName: pulumi.String("ArchivePublicS3BucketsAccess"),
    				},
    			},
    			Tags: aws.TagArray{
    				&aws.TagArgs{
    					Key:   pulumi.String("Kind"),
    					Value: pulumi.String("Dev"),
    				},
    			},
    			Type: pulumi.String("ACCOUNT"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    analyzer = aws_native.accessanalyzer.Analyzer("analyzer",
        analyzer_name="DevAccountAnalyzer",
        archive_rules=[
            {
                "filter": [{
                    "eq": ["123456789012"],
                    "property": "principal.AWS",
                }],
                "rule_name": "ArchiveTrustedAccountAccess",
            },
            {
                "filter": [{
                    "contains": [
                        "arn:aws:s3:::docs-bucket",
                        "arn:aws:s3:::clients-bucket",
                    ],
                    "property": "resource",
                }],
                "rule_name": "ArchivePublicS3BucketsAccess",
            },
        ],
        tags=[{
            "key": "Kind",
            "value": "Dev",
        }],
        type="ACCOUNT")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const analyzer = new aws_native.accessanalyzer.Analyzer("analyzer", {
        analyzerName: "DevAccountAnalyzer",
        archiveRules: [
            {
                filter: [{
                    eq: ["123456789012"],
                    property: "principal.AWS",
                }],
                ruleName: "ArchiveTrustedAccountAccess",
            },
            {
                filter: [{
                    contains: [
                        "arn:aws:s3:::docs-bucket",
                        "arn:aws:s3:::clients-bucket",
                    ],
                    property: "resource",
                }],
                ruleName: "ArchivePublicS3BucketsAccess",
            },
        ],
        tags: [{
            key: "Kind",
            value: "Dev",
        }],
        type: "ACCOUNT",
    });
    

    Coming soon!

    Create Analyzer Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Analyzer(name: string, args: AnalyzerArgs, opts?: CustomResourceOptions);
    @overload
    def Analyzer(resource_name: str,
                 args: AnalyzerArgs,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Analyzer(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 type: Optional[str] = None,
                 analyzer_configuration: Optional[AnalyzerConfigurationPropertiesArgs] = None,
                 analyzer_name: Optional[str] = None,
                 archive_rules: Optional[Sequence[AnalyzerArchiveRuleArgs]] = None,
                 tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
    func NewAnalyzer(ctx *Context, name string, args AnalyzerArgs, opts ...ResourceOption) (*Analyzer, error)
    public Analyzer(string name, AnalyzerArgs args, CustomResourceOptions? opts = null)
    public Analyzer(String name, AnalyzerArgs args)
    public Analyzer(String name, AnalyzerArgs args, CustomResourceOptions options)
    
    type: aws-native:accessanalyzer:Analyzer
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AnalyzerArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Analyzer Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Analyzer resource accepts the following input properties:

    Type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    AnalyzerConfiguration Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerConfigurationProperties
    The configuration for the analyzer
    AnalyzerName string
    Analyzer name
    ArchiveRules List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerArchiveRule>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    An array of key-value pairs to apply to this resource.
    Type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    AnalyzerConfiguration AnalyzerConfigurationPropertiesArgs
    The configuration for the analyzer
    AnalyzerName string
    Analyzer name
    ArchiveRules []AnalyzerArchiveRuleArgs
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    Tags TagArgs
    An array of key-value pairs to apply to this resource.
    type String
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    analyzerName String
    Analyzer name
    archiveRules List<AnalyzerArchiveRule>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags List<Tag>
    An array of key-value pairs to apply to this resource.
    type string
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    analyzerName string
    Analyzer name
    archiveRules AnalyzerArchiveRule[]
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags Tag[]
    An array of key-value pairs to apply to this resource.
    type str
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzer_configuration AnalyzerConfigurationPropertiesArgs
    The configuration for the analyzer
    analyzer_name str
    Analyzer name
    archive_rules Sequence[AnalyzerArchiveRuleArgs]
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags Sequence[TagArgs]
    An array of key-value pairs to apply to this resource.
    type String
    The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
    analyzerConfiguration Property Map
    The configuration for the analyzer
    analyzerName String
    Analyzer name
    archiveRules List<Property Map>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    tags List<Property Map>
    An array of key-value pairs to apply to this resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Analyzer resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    Amazon Resource Name (ARN) of the analyzer
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    Amazon Resource Name (ARN) of the analyzer
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    AnalyzerAnalysisRuleCriteria, AnalyzerAnalysisRuleCriteriaArgs

    AccountIds List<string>
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    ResourceTags List<ImmutableArray<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerTag>>

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    AccountIds []string
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    ResourceTags [][]AnalyzerTag

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    accountIds List<String>
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resourceTags List<List<AnalyzerTag>>

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    accountIds string[]
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resourceTags AnalyzerTag[][]

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    account_ids Sequence[str]
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resource_tags Sequence[Sequence[AnalyzerTag]]

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    accountIds List<String>
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resourceTags List<List<Property Map>>

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    AnalyzerArchiveRule, AnalyzerArchiveRuleArgs

    Filter List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerFilter>
    The criteria for the rule.
    RuleName string
    The archive rule name
    Filter []AnalyzerFilter
    The criteria for the rule.
    RuleName string
    The archive rule name
    filter List<AnalyzerFilter>
    The criteria for the rule.
    ruleName String
    The archive rule name
    filter AnalyzerFilter[]
    The criteria for the rule.
    ruleName string
    The archive rule name
    filter Sequence[AnalyzerFilter]
    The criteria for the rule.
    rule_name str
    The archive rule name
    filter List<Property Map>
    The criteria for the rule.
    ruleName String
    The archive rule name

    AnalyzerConfigurationProperties, AnalyzerConfigurationPropertiesArgs

    UnusedAccessConfiguration Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    UnusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    unusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    unusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    unused_access_configuration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    unusedAccessConfiguration Property Map
    Specifies the configuration of an unused access analyzer for an AWS organization or account.

    AnalyzerFilter, AnalyzerFilterArgs

    Property string
    The property used to define the criteria in the filter for the rule.
    Contains List<string>
    A "contains" condition to match for the rule.
    Eq List<string>
    An "equals" condition to match for the rule.
    Exists bool
    An "exists" condition to match for the rule.
    Neq List<string>
    A "not equal" condition to match for the rule.
    Property string
    The property used to define the criteria in the filter for the rule.
    Contains []string
    A "contains" condition to match for the rule.
    Eq []string
    An "equals" condition to match for the rule.
    Exists bool
    An "exists" condition to match for the rule.
    Neq []string
    A "not equal" condition to match for the rule.
    property String
    The property used to define the criteria in the filter for the rule.
    contains List<String>
    A "contains" condition to match for the rule.
    eq List<String>
    An "equals" condition to match for the rule.
    exists Boolean
    An "exists" condition to match for the rule.
    neq List<String>
    A "not equal" condition to match for the rule.
    property string
    The property used to define the criteria in the filter for the rule.
    contains string[]
    A "contains" condition to match for the rule.
    eq string[]
    An "equals" condition to match for the rule.
    exists boolean
    An "exists" condition to match for the rule.
    neq string[]
    A "not equal" condition to match for the rule.
    property str
    The property used to define the criteria in the filter for the rule.
    contains Sequence[str]
    A "contains" condition to match for the rule.
    eq Sequence[str]
    An "equals" condition to match for the rule.
    exists bool
    An "exists" condition to match for the rule.
    neq Sequence[str]
    A "not equal" condition to match for the rule.
    property String
    The property used to define the criteria in the filter for the rule.
    contains List<String>
    A "contains" condition to match for the rule.
    eq List<String>
    An "equals" condition to match for the rule.
    exists Boolean
    An "exists" condition to match for the rule.
    neq List<String>
    A "not equal" condition to match for the rule.

    AnalyzerTag, AnalyzerTagArgs

    Key string
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Value string
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Key string
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Value string
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key String
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value String
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key string
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value string
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key str
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value str
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key String
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value String
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    AnalyzerUnusedAccessConfiguration, AnalyzerUnusedAccessConfigurationArgs

    AnalysisRule Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    AnalysisRule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysisRule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    unusedAccessAge Integer
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysisRule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    unusedAccessAge number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysis_rule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    unused_access_age int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysisRule Property Map
    Contains information about rules for the analyzer.
    unusedAccessAge Number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.

    AnalyzerUnusedAccessConfigurationAnalysisRuleProperties, AnalyzerUnusedAccessConfigurationAnalysisRulePropertiesArgs

    Exclusions List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerAnalysisRuleCriteria>
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    Exclusions []AnalyzerAnalysisRuleCriteria
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions List<AnalyzerAnalysisRuleCriteria>
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions AnalyzerAnalysisRuleCriteria[]
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions Sequence[AnalyzerAnalysisRuleCriteria]
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions List<Property Map>
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.13.0 published on Wednesday, Dec 4, 2024 by Pulumi