Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. accessanalyzer
  5. getAnalyzer

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.32.0 published on Wednesday, Aug 13, 2025 by Pulumi
pulumi/pulumi-aws-native

aws-native.accessanalyzer.getAnalyzer

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.32.0 published on Wednesday, Aug 13, 2025 by Pulumi
pulumi/pulumi-aws-native

    The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user’s account

    Using getAnalyzer

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAnalyzer(args: GetAnalyzerArgs, opts?: InvokeOptions): Promise<GetAnalyzerResult>
function getAnalyzerOutput(args: GetAnalyzerOutputArgs, opts?: InvokeOptions): Output<GetAnalyzerResult>
    def get_analyzer(arn: Optional[str] = None,
                 opts: Optional[InvokeOptions] = None) -> GetAnalyzerResult
def get_analyzer_output(arn: Optional[pulumi.Input[str]] = None,
                 opts: Optional[InvokeOptions] = None) -> Output[GetAnalyzerResult]
    func LookupAnalyzer(ctx *Context, args *LookupAnalyzerArgs, opts ...InvokeOption) (*LookupAnalyzerResult, error)
func LookupAnalyzerOutput(ctx *Context, args *LookupAnalyzerOutputArgs, opts ...InvokeOption) LookupAnalyzerResultOutput

    > Note: This function is named LookupAnalyzer in the Go SDK.

    public static class GetAnalyzer 
{
    public static Task<GetAnalyzerResult> InvokeAsync(GetAnalyzerArgs args, InvokeOptions? opts = null)
    public static Output<GetAnalyzerResult> Invoke(GetAnalyzerInvokeArgs args, InvokeOptions? opts = null)
}
    public static CompletableFuture<GetAnalyzerResult> getAnalyzer(GetAnalyzerArgs args, InvokeOptions options)
public static Output<GetAnalyzerResult> getAnalyzer(GetAnalyzerArgs args, InvokeOptions options)

    fn::invoke:
  function: aws-native:accessanalyzer:getAnalyzer
  arguments:
    # arguments dictionary

    The following arguments are supported:

    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Arn string
    Amazon Resource Name (ARN) of the analyzer
    arn String
    Amazon Resource Name (ARN) of the analyzer
    arn string
    Amazon Resource Name (ARN) of the analyzer
    arn str
    Amazon Resource Name (ARN) of the analyzer
    arn String
    Amazon Resource Name (ARN) of the analyzer

    getAnalyzer Result

    The following output properties are available:

    AnalyzerConfiguration Pulumi.AwsNative.AccessAnalyzer.Outputs.AnalyzerConfigurationProperties
    The configuration for the analyzer
    ArchiveRules List<Pulumi.AwsNative.AccessAnalyzer.Outputs.AnalyzerArchiveRule>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Tags List<Pulumi.AwsNative.Outputs.Tag>
    An array of key-value pairs to apply to this resource.
    AnalyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    ArchiveRules []AnalyzerArchiveRule
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    Arn string
    Amazon Resource Name (ARN) of the analyzer
    Tags Tag
    An array of key-value pairs to apply to this resource.
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    archiveRules List<AnalyzerArchiveRule>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    tags List<Tag>
    An array of key-value pairs to apply to this resource.
    analyzerConfiguration AnalyzerConfigurationProperties
    The configuration for the analyzer
    archiveRules AnalyzerArchiveRule[]
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    arn string
    Amazon Resource Name (ARN) of the analyzer
    tags Tag[]
    An array of key-value pairs to apply to this resource.
    analyzer_configuration AnalyzerConfigurationProperties
    The configuration for the analyzer
    archive_rules Sequence[AnalyzerArchiveRule]
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    arn str
    Amazon Resource Name (ARN) of the analyzer
    tags Sequence[root_Tag]
    An array of key-value pairs to apply to this resource.
    analyzerConfiguration Property Map
    The configuration for the analyzer
    archiveRules List<Property Map>
    Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
    arn String
    Amazon Resource Name (ARN) of the analyzer
    tags List<Property Map>
    An array of key-value pairs to apply to this resource.

    Supporting Types

    AnalyzerAnalysisRuleCriteria

    AccountIds List<string>
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    ResourceTags List<ImmutableArray<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerTag>>

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    AccountIds []string
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    ResourceTags [][]AnalyzerTag

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    accountIds List<String>
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resourceTags List<List<AnalyzerTag>>

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    accountIds string[]
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resourceTags AnalyzerTag[][]

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    account_ids Sequence[str]
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resource_tags Sequence[Sequence[AnalyzerTag]]

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    accountIds List<String>
    A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
    resourceTags List<List<Property Map>>

    An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

    For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.

    AnalyzerArchiveRule

    Filter List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerFilter>
    The criteria for the rule.
    RuleName string
    The archive rule name
    Filter []AnalyzerFilter
    The criteria for the rule.
    RuleName string
    The archive rule name
    filter List<AnalyzerFilter>
    The criteria for the rule.
    ruleName String
    The archive rule name
    filter AnalyzerFilter[]
    The criteria for the rule.
    ruleName string
    The archive rule name
    filter Sequence[AnalyzerFilter]
    The criteria for the rule.
    rule_name str
    The archive rule name
    filter List<Property Map>
    The criteria for the rule.
    ruleName String
    The archive rule name

    AnalyzerConfigurationProperties

    InternalAccessConfiguration Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerInternalAccessConfiguration
    Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
    UnusedAccessConfiguration Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    InternalAccessConfiguration AnalyzerInternalAccessConfiguration
    Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
    UnusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    internalAccessConfiguration AnalyzerInternalAccessConfiguration
    Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
    unusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    internalAccessConfiguration AnalyzerInternalAccessConfiguration
    Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
    unusedAccessConfiguration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    internal_access_configuration AnalyzerInternalAccessConfiguration
    Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
    unused_access_configuration AnalyzerUnusedAccessConfiguration
    Specifies the configuration of an unused access analyzer for an AWS organization or account.
    internalAccessConfiguration Property Map
    Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
    unusedAccessConfiguration Property Map
    Specifies the configuration of an unused access analyzer for an AWS organization or account.

    AnalyzerFilter

    Property string
    The property used to define the criteria in the filter for the rule.
    Contains List<string>
    A "contains" condition to match for the rule.
    Eq List<string>
    An "equals" condition to match for the rule.
    Exists bool
    An "exists" condition to match for the rule.
    Neq List<string>
    A "not equal" condition to match for the rule.
    Property string
    The property used to define the criteria in the filter for the rule.
    Contains []string
    A "contains" condition to match for the rule.
    Eq []string
    An "equals" condition to match for the rule.
    Exists bool
    An "exists" condition to match for the rule.
    Neq []string
    A "not equal" condition to match for the rule.
    property String
    The property used to define the criteria in the filter for the rule.
    contains List<String>
    A "contains" condition to match for the rule.
    eq List<String>
    An "equals" condition to match for the rule.
    exists Boolean
    An "exists" condition to match for the rule.
    neq List<String>
    A "not equal" condition to match for the rule.
    property string
    The property used to define the criteria in the filter for the rule.
    contains string[]
    A "contains" condition to match for the rule.
    eq string[]
    An "equals" condition to match for the rule.
    exists boolean
    An "exists" condition to match for the rule.
    neq string[]
    A "not equal" condition to match for the rule.
    property str
    The property used to define the criteria in the filter for the rule.
    contains Sequence[str]
    A "contains" condition to match for the rule.
    eq Sequence[str]
    An "equals" condition to match for the rule.
    exists bool
    An "exists" condition to match for the rule.
    neq Sequence[str]
    A "not equal" condition to match for the rule.
    property String
    The property used to define the criteria in the filter for the rule.
    contains List<String>
    A "contains" condition to match for the rule.
    eq List<String>
    An "equals" condition to match for the rule.
    exists Boolean
    An "exists" condition to match for the rule.
    neq List<String>
    A "not equal" condition to match for the rule.

    AnalyzerInternalAccessAnalysisRuleCriteria

    AccountIds List<string>
    A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
    ResourceArns List<string>
    A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
    ResourceTypes List<string>
    A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.
    AccountIds []string
    A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
    ResourceArns []string
    A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
    ResourceTypes []string
    A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.
    accountIds List<String>
    A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
    resourceArns List<String>
    A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
    resourceTypes List<String>
    A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.
    accountIds string[]
    A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
    resourceArns string[]
    A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
    resourceTypes string[]
    A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.
    account_ids Sequence[str]
    A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
    resource_arns Sequence[str]
    A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
    resource_types Sequence[str]
    A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.
    accountIds List<String>
    A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
    resourceArns List<String>
    A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
    resourceTypes List<String>
    A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.

    AnalyzerInternalAccessConfiguration

    InternalAccessAnalysisRule Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties
    Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
    InternalAccessAnalysisRule AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties
    Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
    internalAccessAnalysisRule AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties
    Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
    internalAccessAnalysisRule AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties
    Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
    internal_access_analysis_rule AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties
    Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
    internalAccessAnalysisRule Property Map
    Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.

    AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties

    Inclusions List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerInternalAccessAnalysisRuleCriteria>
    A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
    Inclusions []AnalyzerInternalAccessAnalysisRuleCriteria
    A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
    inclusions List<AnalyzerInternalAccessAnalysisRuleCriteria>
    A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
    inclusions AnalyzerInternalAccessAnalysisRuleCriteria[]
    A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
    inclusions Sequence[AnalyzerInternalAccessAnalysisRuleCriteria]
    A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
    inclusions List<Property Map>
    A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.

    AnalyzerTag

    Key string
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Value string
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Key string
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Value string
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key String
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value String
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key string
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value string
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key str
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value str
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key String
    The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value String
    The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    AnalyzerUnusedAccessConfiguration

    AnalysisRule Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    AnalysisRule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    UnusedAccessAge int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysisRule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    unusedAccessAge Integer
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysisRule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    unusedAccessAge number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysis_rule AnalyzerUnusedAccessConfigurationAnalysisRuleProperties
    Contains information about rules for the analyzer.
    unused_access_age int
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
    analysisRule Property Map
    Contains information about rules for the analyzer.
    unusedAccessAge Number
    The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.

    AnalyzerUnusedAccessConfigurationAnalysisRuleProperties

    Exclusions List<Pulumi.AwsNative.AccessAnalyzer.Inputs.AnalyzerAnalysisRuleCriteria>
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    Exclusions []AnalyzerAnalysisRuleCriteria
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions List<AnalyzerAnalysisRuleCriteria>
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions AnalyzerAnalysisRuleCriteria[]
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions Sequence[AnalyzerAnalysisRuleCriteria]
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
    exclusions List<Property Map>
    A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.

    Tag

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.32.0 published on Wednesday, Aug 13, 2025 by Pulumi
    pulumi/pulumi-aws-native