AccessAnalyzer / Client / get_finding_recommendation

get_finding_recommendation#

AccessAnalyzer.Client.get_finding_recommendation(**kwargs)#

Retrieves information about a finding recommendation for the specified analyzer.

See also: AWS API Documentation

Request Syntax

response = client.get_finding_recommendation(
    analyzerArn='string',
    id='string',
    maxResults=123,
    nextToken='string'
)
Parameters:
  • analyzerArn (string) –

    [REQUIRED]

    The ARN of the analyzer used to generate the finding recommendation.

  • id (string) –

    [REQUIRED]

    The unique ID for the finding recommendation.

  • maxResults (integer) – The maximum number of results to return in the response.

  • nextToken (string) – A token used for pagination of results returned.

Return type:

dict

Returns:

Response Syntax

{
    'startedAt': datetime(2015, 1, 1),
    'completedAt': datetime(2015, 1, 1),
    'nextToken': 'string',
    'error': {
        'code': 'string',
        'message': 'string'
    },
    'resourceArn': 'string',
    'recommendedSteps': [
        {
            'unusedPermissionsRecommendedStep': {
                'policyUpdatedAt': datetime(2015, 1, 1),
                'recommendedAction': 'CREATE_POLICY'|'DETACH_POLICY',
                'recommendedPolicy': 'string',
                'existingPolicyId': 'string'
            }
        },
    ],
    'recommendationType': 'UnusedPermissionRecommendation',
    'status': 'SUCCEEDED'|'FAILED'|'IN_PROGRESS'
}

Response Structure

  • (dict) –

    • startedAt (datetime) –

      The time at which the retrieval of the finding recommendation was started.

    • completedAt (datetime) –

      The time at which the retrieval of the finding recommendation was completed.

    • nextToken (string) –

      A token used for pagination of results returned.

    • error (dict) –

      Detailed information about the reason that the retrieval of a recommendation for the finding failed.

      • code (string) –

        The error code for a failed retrieval of a recommendation for a finding.

      • message (string) –

        The error message for a failed retrieval of a recommendation for a finding.

    • resourceArn (string) –

      The ARN of the resource of the finding.

    • recommendedSteps (list) –

      A group of recommended steps for the finding.

      • (dict) –

        Contains information about a recommended step for an unused access analyzer finding.

        Note

        This is a Tagged Union structure. Only one of the following top level keys will be set: unusedPermissionsRecommendedStep. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
        
        • unusedPermissionsRecommendedStep (dict) –

          A recommended step for an unused permissions finding.

          • policyUpdatedAt (datetime) –

            The time at which the existing policy for the unused permissions finding was last updated.

          • recommendedAction (string) –

            A recommendation of whether to create or detach a policy for an unused permissions finding.

          • recommendedPolicy (string) –

            If the recommended action for the unused permissions finding is to replace the existing policy, the contents of the recommended policy to replace the policy specified in the existingPolicyId field.

          • existingPolicyId (string) –

            If the recommended action for the unused permissions finding is to detach a policy, the ID of an existing policy to be detached.

    • recommendationType (string) –

      The type of recommendation for the finding.

    • status (string) –

      The status of the retrieval of the finding recommendation.

Exceptions

  • AccessAnalyzer.Client.exceptions.ResourceNotFoundException

  • AccessAnalyzer.Client.exceptions.ValidationException

  • AccessAnalyzer.Client.exceptions.InternalServerException

  • AccessAnalyzer.Client.exceptions.ThrottlingException

  • AccessAnalyzer.Client.exceptions.AccessDeniedException