Docs Home
AWS v7.2.0 published on Thursday, Jul 31, 2025 by Pulumi
aws.accessanalyzer.Analyzer
Explore with Pulumi AI
Manages an Access Analyzer Analyzer. More information can be found in the Access Analyzer User Guide.
Example Usage
Account Analyzer
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.accessanalyzer.Analyzer("example", {analyzerName: "example"});
import pulumi
import pulumi_aws as aws
example = aws.accessanalyzer.Analyzer("example", analyzer_name="example")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/accessanalyzer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := accessanalyzer.NewAnalyzer(ctx, "example", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.AccessAnalyzer.Analyzer("example", new()
{
AnalyzerName = "example",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Analyzer("example", AnalyzerArgs.builder()
.analyzerName("example")
.build());
}
}
resources:
example:
type: aws:accessanalyzer:Analyzer
properties:
analyzerName: example
Organization Analyzer
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.organizations.Organization("example", {awsServiceAccessPrincipals: ["access-analyzer.amazonaws.com"]});
const exampleAnalyzer = new aws.accessanalyzer.Analyzer("example", {
analyzerName: "example",
type: "ORGANIZATION",
}, {
dependsOn: [example],
});
import pulumi
import pulumi_aws as aws
example = aws.organizations.Organization("example", aws_service_access_principals=["access-analyzer.amazonaws.com"])
example_analyzer = aws.accessanalyzer.Analyzer("example",
analyzer_name="example",
type="ORGANIZATION",
opts = pulumi.ResourceOptions(depends_on=[example]))
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/accessanalyzer"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := organizations.NewOrganization(ctx, "example", &organizations.OrganizationArgs{
AwsServiceAccessPrincipals: pulumi.StringArray{
pulumi.String("access-analyzer.amazonaws.com"),
},
})
if err != nil {
return err
}
_, err = accessanalyzer.NewAnalyzer(ctx, "example", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
Type: pulumi.String("ORGANIZATION"),
}, pulumi.DependsOn([]pulumi.Resource{
example,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Organizations.Organization("example", new()
{
AwsServiceAccessPrincipals = new[]
{
"access-analyzer.amazonaws.com",
},
});
var exampleAnalyzer = new Aws.AccessAnalyzer.Analyzer("example", new()
{
AnalyzerName = "example",
Type = "ORGANIZATION",
}, new CustomResourceOptions
{
DependsOn =
{
example,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Organization("example", OrganizationArgs.builder()
.awsServiceAccessPrincipals("access-analyzer.amazonaws.com")
.build());
var exampleAnalyzer = new Analyzer("exampleAnalyzer", AnalyzerArgs.builder()
.analyzerName("example")
.type("ORGANIZATION")
.build(), CustomResourceOptions.builder()
.dependsOn(example)
.build());
}
}
resources:
example:
type: aws:organizations:Organization
properties:
awsServiceAccessPrincipals:
- access-analyzer.amazonaws.com
exampleAnalyzer:
type: aws:accessanalyzer:Analyzer
name: example
properties:
analyzerName: example
type: ORGANIZATION
options:
dependsOn:
- ${example}
Organization Unused Access Analyzer With Analysis Rule
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.accessanalyzer.Analyzer("example", {
analyzerName: "example",
type: "ORGANIZATION_UNUSED_ACCESS",
configuration: {
unusedAccess: {
unusedAccessAge: 180,
analysisRule: {
exclusions: [
{
accountIds: [
"123456789012",
"234567890123",
],
},
{
resourceTags: [
{
key1: "value1",
},
{
key2: "value2",
},
],
},
],
},
},
},
});
import pulumi
import pulumi_aws as aws
example = aws.accessanalyzer.Analyzer("example",
analyzer_name="example",
type="ORGANIZATION_UNUSED_ACCESS",
configuration={
"unused_access": {
"unused_access_age": 180,
"analysis_rule": {
"exclusions": [
{
"account_ids": [
"123456789012",
"234567890123",
],
},
{
"resource_tags": [
{
"key1": "value1",
},
{
"key2": "value2",
},
],
},
],
},
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/accessanalyzer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := accessanalyzer.NewAnalyzer(ctx, "example", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
Type: pulumi.String("ORGANIZATION_UNUSED_ACCESS"),
Configuration: &accessanalyzer.AnalyzerConfigurationArgs{
UnusedAccess: &accessanalyzer.AnalyzerConfigurationUnusedAccessArgs{
UnusedAccessAge: pulumi.Int(180),
AnalysisRule: &accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs{
Exclusions: accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArray{
&accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs{
AccountIds: pulumi.StringArray{
pulumi.String("123456789012"),
pulumi.String("234567890123"),
},
},
&accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs{
ResourceTags: pulumi.StringMapArray{
pulumi.StringMap{
"key1": pulumi.String("value1"),
},
pulumi.StringMap{
"key2": pulumi.String("value2"),
},
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.AccessAnalyzer.Analyzer("example", new()
{
AnalyzerName = "example",
Type = "ORGANIZATION_UNUSED_ACCESS",
Configuration = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationArgs
{
UnusedAccess = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessArgs
{
UnusedAccessAge = 180,
AnalysisRule = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs
{
Exclusions = new[]
{
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs
{
AccountIds = new[]
{
"123456789012",
"234567890123",
},
},
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs
{
ResourceTags = new[]
{
{
{ "key1", "value1" },
},
{
{ "key2", "value2" },
},
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationUnusedAccessArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Analyzer("example", AnalyzerArgs.builder()
.analyzerName("example")
.type("ORGANIZATION_UNUSED_ACCESS")
.configuration(AnalyzerConfigurationArgs.builder()
.unusedAccess(AnalyzerConfigurationUnusedAccessArgs.builder()
.unusedAccessAge(180)
.analysisRule(AnalyzerConfigurationUnusedAccessAnalysisRuleArgs.builder()
.exclusions(
AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs.builder()
.accountIds(
"123456789012",
"234567890123")
.build(),
AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs.builder()
.resourceTags(
Map.of("key1", "value1"),
Map.of("key2", "value2"))
.build())
.build())
.build())
.build())
.build());
}
}
resources:
example:
type: aws:accessanalyzer:Analyzer
properties:
analyzerName: example
type: ORGANIZATION_UNUSED_ACCESS
configuration:
unusedAccess:
unusedAccessAge: 180
analysisRule:
exclusions:
- accountIds:
- '123456789012'
- '234567890123'
- resourceTags:
- key1: value1
- key2: value2
Account Internal Access Analyzer by Resource Types
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.accessanalyzer.Analyzer("test", {
analyzerName: "example",
type: "ORGANIZATION_INTERNAL_ACCESS",
configuration: {
internalAccess: {
analysisRule: {
inclusions: [{
resourceTypes: [
"AWS::S3::Bucket",
"AWS::RDS::DBSnapshot",
"AWS::DynamoDB::Table",
],
}],
},
},
},
});
import pulumi
import pulumi_aws as aws
test = aws.accessanalyzer.Analyzer("test",
analyzer_name="example",
type="ORGANIZATION_INTERNAL_ACCESS",
configuration={
"internal_access": {
"analysis_rule": {
"inclusions": [{
"resource_types": [
"AWS::S3::Bucket",
"AWS::RDS::DBSnapshot",
"AWS::DynamoDB::Table",
],
}],
},
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/accessanalyzer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := accessanalyzer.NewAnalyzer(ctx, "test", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
Type: pulumi.String("ORGANIZATION_INTERNAL_ACCESS"),
Configuration: &accessanalyzer.AnalyzerConfigurationArgs{
InternalAccess: &accessanalyzer.AnalyzerConfigurationInternalAccessArgs{
AnalysisRule: &accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleArgs{
Inclusions: accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArray{
&accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs{
ResourceTypes: pulumi.StringArray{
pulumi.String("AWS::S3::Bucket"),
pulumi.String("AWS::RDS::DBSnapshot"),
pulumi.String("AWS::DynamoDB::Table"),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.AccessAnalyzer.Analyzer("test", new()
{
AnalyzerName = "example",
Type = "ORGANIZATION_INTERNAL_ACCESS",
Configuration = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationArgs
{
InternalAccess = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessArgs
{
AnalysisRule = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessAnalysisRuleArgs
{
Inclusions = new[]
{
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs
{
ResourceTypes = new[]
{
"AWS::S3::Bucket",
"AWS::RDS::DBSnapshot",
"AWS::DynamoDB::Table",
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationInternalAccessArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationInternalAccessAnalysisRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new Analyzer("test", AnalyzerArgs.builder()
.analyzerName("example")
.type("ORGANIZATION_INTERNAL_ACCESS")
.configuration(AnalyzerConfigurationArgs.builder()
.internalAccess(AnalyzerConfigurationInternalAccessArgs.builder()
.analysisRule(AnalyzerConfigurationInternalAccessAnalysisRuleArgs.builder()
.inclusions(AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs.builder()
.resourceTypes(
"AWS::S3::Bucket",
"AWS::RDS::DBSnapshot",
"AWS::DynamoDB::Table")
.build())
.build())
.build())
.build())
.build());
}
}
resources:
test:
type: aws:accessanalyzer:Analyzer
properties:
analyzerName: example
type: ORGANIZATION_INTERNAL_ACCESS
configuration:
internalAccess:
analysisRule:
inclusions:
- resourceTypes:
- AWS::S3::Bucket
- AWS::RDS::DBSnapshot
- AWS::DynamoDB::Table
Organization Internal Access Analyzer by Account ID and Resource ARN
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.accessanalyzer.Analyzer("test", {
analyzerName: "example",
type: "ORGANIZATION_INTERNAL_ACCESS",
configuration: {
internalAccess: {
analysisRule: {
inclusions: [{
accountIds: ["123456789012"],
resourceArns: ["arn:aws:s3:::my-example-bucket"],
}],
},
},
},
});
import pulumi
import pulumi_aws as aws
test = aws.accessanalyzer.Analyzer("test",
analyzer_name="example",
type="ORGANIZATION_INTERNAL_ACCESS",
configuration={
"internal_access": {
"analysis_rule": {
"inclusions": [{
"account_ids": ["123456789012"],
"resource_arns": ["arn:aws:s3:::my-example-bucket"],
}],
},
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/accessanalyzer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := accessanalyzer.NewAnalyzer(ctx, "test", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
Type: pulumi.String("ORGANIZATION_INTERNAL_ACCESS"),
Configuration: &accessanalyzer.AnalyzerConfigurationArgs{
InternalAccess: &accessanalyzer.AnalyzerConfigurationInternalAccessArgs{
AnalysisRule: &accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleArgs{
Inclusions: accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArray{
&accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs{
AccountIds: pulumi.StringArray{
pulumi.String("123456789012"),
},
ResourceArns: pulumi.StringArray{
pulumi.String("arn:aws:s3:::my-example-bucket"),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.AccessAnalyzer.Analyzer("test", new()
{
AnalyzerName = "example",
Type = "ORGANIZATION_INTERNAL_ACCESS",
Configuration = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationArgs
{
InternalAccess = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessArgs
{
AnalysisRule = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessAnalysisRuleArgs
{
Inclusions = new[]
{
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs
{
AccountIds = new[]
{
"123456789012",
},
ResourceArns = new[]
{
"arn:aws:s3:::my-example-bucket",
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationInternalAccessArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationInternalAccessAnalysisRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new Analyzer("test", AnalyzerArgs.builder()
.analyzerName("example")
.type("ORGANIZATION_INTERNAL_ACCESS")
.configuration(AnalyzerConfigurationArgs.builder()
.internalAccess(AnalyzerConfigurationInternalAccessArgs.builder()
.analysisRule(AnalyzerConfigurationInternalAccessAnalysisRuleArgs.builder()
.inclusions(AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs.builder()
.accountIds("123456789012")
.resourceArns("arn:aws:s3:::my-example-bucket")
.build())
.build())
.build())
.build())
.build());
}
}
resources:
test:
type: aws:accessanalyzer:Analyzer
properties:
analyzerName: example
type: ORGANIZATION_INTERNAL_ACCESS
configuration:
internalAccess:
analysisRule:
inclusions:
- accountIds:
- '123456789012'
resourceArns:
- arn:aws:s3:::my-example-bucket
Create Analyzer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Analyzer(name: string, args: AnalyzerArgs, opts?: CustomResourceOptions);@overload
def Analyzer(resource_name: str,
args: AnalyzerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Analyzer(resource_name: str,
opts: Optional[ResourceOptions] = None,
analyzer_name: Optional[str] = None,
configuration: Optional[AnalyzerConfigurationArgs] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
type: Optional[str] = None)func NewAnalyzer(ctx *Context, name string, args AnalyzerArgs, opts ...ResourceOption) (*Analyzer, error)public Analyzer(string name, AnalyzerArgs args, CustomResourceOptions? opts = null)
public Analyzer(String name, AnalyzerArgs args)
public Analyzer(String name, AnalyzerArgs args, CustomResourceOptions options)
type: aws:accessanalyzer:Analyzer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AnalyzerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AnalyzerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AnalyzerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AnalyzerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AnalyzerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var analyzerResource = new Aws.AccessAnalyzer.Analyzer("analyzerResource", new()
{
AnalyzerName = "string",
Configuration = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationArgs
{
InternalAccess = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessArgs
{
AnalysisRule = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessAnalysisRuleArgs
{
Inclusions = new[]
{
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs
{
AccountIds = new[]
{
"string",
},
ResourceArns = new[]
{
"string",
},
ResourceTypes = new[]
{
"string",
},
},
},
},
},
UnusedAccess = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessArgs
{
AnalysisRule = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs
{
Exclusions = new[]
{
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs
{
AccountIds = new[]
{
"string",
},
ResourceTags = new[]
{
{
{ "string", "string" },
},
},
},
},
},
UnusedAccessAge = 0,
},
},
Region = "string",
Tags =
{
{ "string", "string" },
},
Type = "string",
});
example, err := accessanalyzer.NewAnalyzer(ctx, "analyzerResource", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("string"),
Configuration: &accessanalyzer.AnalyzerConfigurationArgs{
InternalAccess: &accessanalyzer.AnalyzerConfigurationInternalAccessArgs{
AnalysisRule: &accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleArgs{
Inclusions: accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArray{
&accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs{
AccountIds: pulumi.StringArray{
pulumi.String("string"),
},
ResourceArns: pulumi.StringArray{
pulumi.String("string"),
},
ResourceTypes: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
UnusedAccess: &accessanalyzer.AnalyzerConfigurationUnusedAccessArgs{
AnalysisRule: &accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs{
Exclusions: accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArray{
&accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs{
AccountIds: pulumi.StringArray{
pulumi.String("string"),
},
ResourceTags: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
},
},
},
UnusedAccessAge: pulumi.Int(0),
},
},
Region: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Type: pulumi.String("string"),
})
var analyzerResource = new Analyzer("analyzerResource", AnalyzerArgs.builder()
.analyzerName("string")
.configuration(AnalyzerConfigurationArgs.builder()
.internalAccess(AnalyzerConfigurationInternalAccessArgs.builder()
.analysisRule(AnalyzerConfigurationInternalAccessAnalysisRuleArgs.builder()
.inclusions(AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs.builder()
.accountIds("string")
.resourceArns("string")
.resourceTypes("string")
.build())
.build())
.build())
.unusedAccess(AnalyzerConfigurationUnusedAccessArgs.builder()
.analysisRule(AnalyzerConfigurationUnusedAccessAnalysisRuleArgs.builder()
.exclusions(AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs.builder()
.accountIds("string")
.resourceTags(Map.of("string", "string"))
.build())
.build())
.unusedAccessAge(0)
.build())
.build())
.region("string")
.tags(Map.of("string", "string"))
.type("string")
.build());
analyzer_resource = aws.accessanalyzer.Analyzer("analyzerResource",
analyzer_name="string",
configuration={
"internal_access": {
"analysis_rule": {
"inclusions": [{
"account_ids": ["string"],
"resource_arns": ["string"],
"resource_types": ["string"],
}],
},
},
"unused_access": {
"analysis_rule": {
"exclusions": [{
"account_ids": ["string"],
"resource_tags": [{
"string": "string",
}],
}],
},
"unused_access_age": 0,
},
},
region="string",
tags={
"string": "string",
},
type="string")
const analyzerResource = new aws.accessanalyzer.Analyzer("analyzerResource", {
analyzerName: "string",
configuration: {
internalAccess: {
analysisRule: {
inclusions: [{
accountIds: ["string"],
resourceArns: ["string"],
resourceTypes: ["string"],
}],
},
},
unusedAccess: {
analysisRule: {
exclusions: [{
accountIds: ["string"],
resourceTags: [{
string: "string",
}],
}],
},
unusedAccessAge: 0,
},
},
region: "string",
tags: {
string: "string",
},
type: "string",
});
type: aws:accessanalyzer:Analyzer
properties:
analyzerName: string
configuration:
internalAccess:
analysisRule:
inclusions:
- accountIds:
- string
resourceArns:
- string
resourceTypes:
- string
unusedAccess:
analysisRule:
exclusions:
- accountIds:
- string
resourceTags:
- string: string
unusedAccessAge: 0
region: string
tags:
string: string
type: string
Analyzer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Analyzer resource accepts the following input properties:
- Analyzer
Name string Name of the Analyzer.
The following arguments are optional:
- Configuration
Analyzer
Configuration - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Type string
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- Analyzer
Name string Name of the Analyzer.
The following arguments are optional:
- Configuration
Analyzer
Configuration Args - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Type string
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer
Name String Name of the Analyzer.
The following arguments are optional:
- configuration
Analyzer
Configuration - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - type String
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer
Name string Name of the Analyzer.
The following arguments are optional:
- configuration
Analyzer
Configuration - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - type string
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer_
name str Name of the Analyzer.
The following arguments are optional:
- configuration
Analyzer
Configuration Args - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - type str
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer
Name String Name of the Analyzer.
The following arguments are optional:
- configuration Property Map
- A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - type String
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
Outputs
All input properties are implicitly available as output properties. Additionally, the Analyzer resource produces the following output properties:
Look up Existing Analyzer Resource
Get an existing Analyzer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AnalyzerState, opts?: CustomResourceOptions): Analyzer@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
analyzer_name: Optional[str] = None,
arn: Optional[str] = None,
configuration: Optional[AnalyzerConfigurationArgs] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
type: Optional[str] = None) -> Analyzerfunc GetAnalyzer(ctx *Context, name string, id IDInput, state *AnalyzerState, opts ...ResourceOption) (*Analyzer, error)public static Analyzer Get(string name, Input<string> id, AnalyzerState? state, CustomResourceOptions? opts = null)public static Analyzer get(String name, Output<String> id, AnalyzerState state, CustomResourceOptions options)resources: _: type: aws:accessanalyzer:Analyzer get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Analyzer
Name string Name of the Analyzer.
The following arguments are optional:
- Arn string
- ARN of the Analyzer.
- Configuration
Analyzer
Configuration - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Type string
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- Analyzer
Name string Name of the Analyzer.
The following arguments are optional:
- Arn string
- ARN of the Analyzer.
- Configuration
Analyzer
Configuration Args - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Type string
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer
Name String Name of the Analyzer.
The following arguments are optional:
- arn String
- ARN of the Analyzer.
- configuration
Analyzer
Configuration - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - type String
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer
Name string Name of the Analyzer.
The following arguments are optional:
- arn string
- ARN of the Analyzer.
- configuration
Analyzer
Configuration - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - type string
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer_
name str Name of the Analyzer.
The following arguments are optional:
- arn str
- ARN of the Analyzer.
- configuration
Analyzer
Configuration Args - A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - type str
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
- analyzer
Name String Name of the Analyzer.
The following arguments are optional:
- arn String
- ARN of the Analyzer.
- configuration Property Map
- A block that specifies the configuration of the analyzer. See
configurationBlock for details. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - type String
- Type that represents the zone of trust or scope for the analyzer. Valid values are
ACCOUNT,ACCOUNT_INTERNAL_ACCESS,ACCOUNT_UNUSED_ACCESS,ORGANIZATION,ORGANIZATION_INTERNAL_ACCESS,ORGANIZATION_UNUSED_ACCESS. Defaults toACCOUNT.
Supporting Types
AnalyzerConfiguration, AnalyzerConfigurationArgs
- Internal
Access AnalyzerConfiguration Internal Access - Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See
internal_accessBlock for details. - Unused
Access AnalyzerConfiguration Unused Access - Specifies the configuration of an unused access analyzer for an AWS organization or account. See
unused_accessBlock for details.
- Internal
Access AnalyzerConfiguration Internal Access - Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See
internal_accessBlock for details. - Unused
Access AnalyzerConfiguration Unused Access - Specifies the configuration of an unused access analyzer for an AWS organization or account. See
unused_accessBlock for details.
- internal
Access AnalyzerConfiguration Internal Access - Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See
internal_accessBlock for details. - unused
Access AnalyzerConfiguration Unused Access - Specifies the configuration of an unused access analyzer for an AWS organization or account. See
unused_accessBlock for details.
- internal
Access AnalyzerConfiguration Internal Access - Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See
internal_accessBlock for details. - unused
Access AnalyzerConfiguration Unused Access - Specifies the configuration of an unused access analyzer for an AWS organization or account. See
unused_accessBlock for details.
- internal_
access AnalyzerConfiguration Internal Access - Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See
internal_accessBlock for details. - unused_
access AnalyzerConfiguration Unused Access - Specifies the configuration of an unused access analyzer for an AWS organization or account. See
unused_accessBlock for details.
- internal
Access Property Map - Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See
internal_accessBlock for details. - unused
Access Property Map - Specifies the configuration of an unused access analyzer for an AWS organization or account. See
unused_accessBlock for details.
AnalyzerConfigurationInternalAccess, AnalyzerConfigurationInternalAccessArgs
- Analysis
Rule AnalyzerConfiguration Internal Access Analysis Rule - Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See
analysis_ruleBlock for Internal Access Analyzer for details.
- Analysis
Rule AnalyzerConfiguration Internal Access Analysis Rule - Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See
analysis_ruleBlock for Internal Access Analyzer for details.
- analysis
Rule AnalyzerConfiguration Internal Access Analysis Rule - Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See
analysis_ruleBlock for Internal Access Analyzer for details.
- analysis
Rule AnalyzerConfiguration Internal Access Analysis Rule - Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See
analysis_ruleBlock for Internal Access Analyzer for details.
- analysis_
rule AnalyzerConfiguration Internal Access Analysis Rule - Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See
analysis_ruleBlock for Internal Access Analyzer for details.
- analysis
Rule Property Map - Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See
analysis_ruleBlock for Internal Access Analyzer for details.
AnalyzerConfigurationInternalAccessAnalysisRule, AnalyzerConfigurationInternalAccessAnalysisRuleArgs
- Inclusions
List<Analyzer
Configuration Internal Access Analysis Rule Inclusion> - List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See
inclusionBlock for details.
- Inclusions
[]Analyzer
Configuration Internal Access Analysis Rule Inclusion - List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See
inclusionBlock for details.
- inclusions
List<Analyzer
Configuration Internal Access Analysis Rule Inclusion> - List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See
inclusionBlock for details.
- inclusions
Analyzer
Configuration Internal Access Analysis Rule Inclusion[] - List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See
inclusionBlock for details.
- inclusions
Sequence[Analyzer
Configuration Internal Access Analysis Rule Inclusion] - List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See
inclusionBlock for details.
- inclusions List<Property Map>
- List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See
inclusionBlock for details.
AnalyzerConfigurationInternalAccessAnalysisRuleInclusion, AnalyzerConfigurationInternalAccessAnalysisRuleInclusionArgs
- Account
Ids List<string> - List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- Resource
Arns List<string> - List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
- Resource
Types List<string> - List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to InternalAccessAnalysisRuleCriteria in the AWS IAM Access Analyzer API Reference for valid values.
- Account
Ids []string - List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- Resource
Arns []string - List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
- Resource
Types []string - List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to InternalAccessAnalysisRuleCriteria in the AWS IAM Access Analyzer API Reference for valid values.
- account
Ids List<String> - List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- resource
Arns List<String> - List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
- resource
Types List<String> - List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to InternalAccessAnalysisRuleCriteria in the AWS IAM Access Analyzer API Reference for valid values.
- account
Ids string[] - List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- resource
Arns string[] - List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
- resource
Types string[] - List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to InternalAccessAnalysisRuleCriteria in the AWS IAM Access Analyzer API Reference for valid values.
- account_
ids Sequence[str] - List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- resource_
arns Sequence[str] - List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
- resource_
types Sequence[str] - List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to InternalAccessAnalysisRuleCriteria in the AWS IAM Access Analyzer API Reference for valid values.
- account
Ids List<String> - List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- resource
Arns List<String> - List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
- resource
Types List<String> - List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to InternalAccessAnalysisRuleCriteria in the AWS IAM Access Analyzer API Reference for valid values.
AnalyzerConfigurationUnusedAccess, AnalyzerConfigurationUnusedAccessArgs
- Analysis
Rule AnalyzerConfiguration Unused Access Analysis Rule - Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See
analysis_ruleBlock for Unused Access Analyzer for details. - Unused
Access intAge - Specified access age in days for which to generate findings for unused access.
- Analysis
Rule AnalyzerConfiguration Unused Access Analysis Rule - Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See
analysis_ruleBlock for Unused Access Analyzer for details. - Unused
Access intAge - Specified access age in days for which to generate findings for unused access.
- analysis
Rule AnalyzerConfiguration Unused Access Analysis Rule - Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See
analysis_ruleBlock for Unused Access Analyzer for details. - unused
Access IntegerAge - Specified access age in days for which to generate findings for unused access.
- analysis
Rule AnalyzerConfiguration Unused Access Analysis Rule - Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See
analysis_ruleBlock for Unused Access Analyzer for details. - unused
Access numberAge - Specified access age in days for which to generate findings for unused access.
- analysis_
rule AnalyzerConfiguration Unused Access Analysis Rule - Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See
analysis_ruleBlock for Unused Access Analyzer for details. - unused_
access_ intage - Specified access age in days for which to generate findings for unused access.
- analysis
Rule Property Map - Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See
analysis_ruleBlock for Unused Access Analyzer for details. - unused
Access NumberAge - Specified access age in days for which to generate findings for unused access.
AnalyzerConfigurationUnusedAccessAnalysisRule, AnalyzerConfigurationUnusedAccessAnalysisRuleArgs
- Exclusions
List<Analyzer
Configuration Unused Access Analysis Rule Exclusion> - List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See
exclusionBlock for details.
- Exclusions
[]Analyzer
Configuration Unused Access Analysis Rule Exclusion - List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See
exclusionBlock for details.
- exclusions
List<Analyzer
Configuration Unused Access Analysis Rule Exclusion> - List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See
exclusionBlock for details.
- exclusions
Analyzer
Configuration Unused Access Analysis Rule Exclusion[] - List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See
exclusionBlock for details.
- exclusions
Sequence[Analyzer
Configuration Unused Access Analysis Rule Exclusion] - List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See
exclusionBlock for details.
- exclusions List<Property Map>
- List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See
exclusionBlock for details.
AnalyzerConfigurationUnusedAccessAnalysisRuleExclusion, AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs
- Account
Ids List<string> - List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
-
List<Immutable
Dictionary<string, string>> - List of key-value pairs for resource tags to exclude from the analysis.
- Account
Ids []string - List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- []map[string]string
- List of key-value pairs for resource tags to exclude from the analysis.
- account
Ids List<String> - List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- List<Map<String,String>>
- List of key-value pairs for resource tags to exclude from the analysis.
- account
Ids string[] - List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- {[key: string]: string}[]
- List of key-value pairs for resource tags to exclude from the analysis.
- account_
ids Sequence[str] - List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- Sequence[Mapping[str, str]]
- List of key-value pairs for resource tags to exclude from the analysis.
- account
Ids List<String> - List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
- List<Map<String>>
- List of key-value pairs for resource tags to exclude from the analysis.
Import
Using pulumi import, import Access Analyzer Analyzers using the analyzer_name. For example:
$ pulumi import aws:accessanalyzer/analyzer:Analyzer example example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.