get_finding(**kwargs)¶Retrieves information about the specified finding.
See also: AWS API Documentation
Request Syntax
response = client.get_finding(
analyzerArn='string',
id='string'
)
[REQUIRED]
The ARN of the analyzer that generated the finding.
[REQUIRED]
The ID of the finding to retrieve.
dict
Response Syntax
{
'finding': {
'id': 'string',
'principal': {
'string': 'string'
},
'action': [
'string',
],
'resource': 'string',
'isPublic': True|False,
'resourceType': 'AWS::S3::Bucket'|'AWS::IAM::Role'|'AWS::SQS::Queue'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::KMS::Key'|'AWS::SecretsManager::Secret'|'AWS::EFS::FileSystem'|'AWS::EC2::Snapshot'|'AWS::ECR::Repository'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBClusterSnapshot'|'AWS::SNS::Topic',
'condition': {
'string': 'string'
},
'createdAt': datetime(2015, 1, 1),
'analyzedAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
'resourceOwnerAccount': 'string',
'error': 'string',
'sources': [
{
'type': 'POLICY'|'BUCKET_ACL'|'S3_ACCESS_POINT'|'S3_ACCESS_POINT_ACCOUNT',
'detail': {
'accessPointArn': 'string',
'accessPointAccount': 'string'
}
},
]
}
}
Response Structure
(dict) --
The response to the request.
finding (dict) --
A finding object that contains finding details.
id (string) --
The ID of the finding.
principal (dict) --
The external principal that access to a resource within the zone of trust.
action (list) --
The action in the analyzed policy statement that an external principal has permission to use.
resource (string) --
The resource that an external principal has access to.
isPublic (boolean) --
Indicates whether the policy that generated the finding allows public access to the resource.
resourceType (string) --
The type of the resource identified in the finding.
condition (dict) --
The condition in the analyzed policy statement that resulted in a finding.
createdAt (datetime) --
The time at which the finding was generated.
analyzedAt (datetime) --
The time at which the resource was analyzed.
updatedAt (datetime) --
The time at which the finding was updated.
status (string) --
The current status of the finding.
resourceOwnerAccount (string) --
The Amazon Web Services account ID that owns the resource.
error (string) --
An error.
sources (list) --
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
(dict) --
The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
type (string) --
Indicates the type of access that generated the finding.
detail (dict) --
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
accessPointArn (string) --
The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.
accessPointAccount (string) --
The account of the cross-account access point that generated the finding.
Exceptions
AccessAnalyzer.Client.exceptions.ResourceNotFoundExceptionAccessAnalyzer.Client.exceptions.ValidationExceptionAccessAnalyzer.Client.exceptions.InternalServerExceptionAccessAnalyzer.Client.exceptions.ThrottlingExceptionAccessAnalyzer.Client.exceptions.AccessDeniedException