
GetFindingV2

class AccessAnalyzer.Paginator.GetFindingV2
paginator = client.get_paginator('get_finding_v2')
paginate(**kwargs)

Creates an iterator that will paginate through responses from AccessAnalyzer.Client.get_finding_v2().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    analyzerArn='string',
    id='string',
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters:
  • analyzerArn (string) –

    [REQUIRED]

    The ARN of the analyzer that generated the finding.

  • id (string) –

    [REQUIRED]

    The ID of the finding to retrieve.

  • PaginationConfig (dict) –

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) –

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) –

      The size of each page.

    • StartingToken (string) –

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type:

dict

Returns:

Response Syntax

{
    'analyzedAt': datetime(2015, 1, 1),
    'createdAt': datetime(2015, 1, 1),
    'error': 'string',
    'id': 'string',
    'resource': 'string',
    'resourceType': 'AWS::S3::Bucket'|'AWS::IAM::Role'|'AWS::SQS::Queue'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::KMS::Key'|'AWS::SecretsManager::Secret'|'AWS::EFS::FileSystem'|'AWS::EC2::Snapshot'|'AWS::ECR::Repository'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBClusterSnapshot'|'AWS::SNS::Topic'|'AWS::S3Express::DirectoryBucket'|'AWS::DynamoDB::Table'|'AWS::DynamoDB::Stream',
    'resourceOwnerAccount': 'string',
    'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
    'updatedAt': datetime(2015, 1, 1),
    'findingDetails': [
        {
            'externalAccessDetails': {
                'action': [
                    'string',
                ],
                'condition': {
                    'string': 'string'
                },
                'isPublic': True|False,
                'principal': {
                    'string': 'string'
                },
                'sources': [
                    {
                        'type': 'POLICY'|'BUCKET_ACL'|'S3_ACCESS_POINT'|'S3_ACCESS_POINT_ACCOUNT',
                        'detail': {
                            'accessPointArn': 'string',
                            'accessPointAccount': 'string'
                        }
                    },
                ]
            },
            'unusedPermissionDetails': {
                'actions': [
                    {
                        'action': 'string',
                        'lastAccessed': datetime(2015, 1, 1)
                    },
                ],
                'serviceNamespace': 'string',
                'lastAccessed': datetime(2015, 1, 1)
            },
            'unusedIamUserAccessKeyDetails': {
                'accessKeyId': 'string',
                'lastAccessed': datetime(2015, 1, 1)
            },
            'unusedIamRoleDetails': {
                'lastAccessed': datetime(2015, 1, 1)
            },
            'unusedIamUserPasswordDetails': {
                'lastAccessed': datetime(2015, 1, 1)
            }
        },
    ],
    'findingType': 'ExternalAccess'|'UnusedIAMRole'|'UnusedIAMUserAccessKey'|'UnusedIAMUserPassword'|'UnusedPermission',
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • analyzedAt (datetime) –

      The time at which the resource-based policy or IAM entity that generated the finding was analyzed.

    • createdAt (datetime) –

      The time at which the finding was created.

    • error (string) –

      An error.

    • id (string) –

      The ID of the finding to retrieve.

    • resource (string) –

      The resource that generated the finding.

    • resourceType (string) –

      The type of the resource identified in the finding.

    • resourceOwnerAccount (string) –

      The Amazon Web Services account ID that owns the resource.

    • status (string) –

      The status of the finding.

    • updatedAt (datetime) –

      The time at which the finding was updated.

    • findingDetails (list) –

      A localized message that explains the finding and provides guidance on how to address it.

      • (dict) –

        Contains information about an external access or unused access finding. Only one parameter can be used in a FindingDetails object.

        Note

        This is a Tagged Union structure. Only one of the following top level keys will be set: externalAccessDetails, unusedPermissionDetails, unusedIamUserAccessKeyDetails, unusedIamRoleDetails, unusedIamUserPasswordDetails. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
        
        • externalAccessDetails (dict) –

          The details for an external access analyzer finding.

          • action (list) –

            The action in the analyzed policy statement that an external principal has permission to use.

            • (string) –

          • condition (dict) –

            The condition in the analyzed policy statement that resulted in an external access finding.

            • (string) –

              • (string) –

          • isPublic (boolean) –

            Specifies whether the external access finding is public.

          • principal (dict) –

            The external principal that has access to a resource within the zone of trust.

            • (string) –

              • (string) –

          • sources (list) –

            The sources of the external access finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

            • (dict) –

              The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

              • type (string) –

                Indicates the type of access that generated the finding.

              • detail (dict) –

                Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.

                • accessPointArn (string) –

                  The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.

                • accessPointAccount (string) –

                  The account of the cross-account access point that generated the finding.

        • unusedPermissionDetails (dict) –

          The details for an unused access analyzer finding with an unused permission finding type.

          • actions (list) –

            A list of unused actions for which the unused access finding was generated.

            • (dict) –

              Contains information about an unused access finding for an action. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

              • action (string) –

                The action for which the unused access finding was generated.

              • lastAccessed (datetime) –

                The time at which the action was last accessed.

          • serviceNamespace (string) –

            The namespace of the Amazon Web Services service that contains the unused actions.

          • lastAccessed (datetime) –

            The time at which the permission was last accessed.

        • unusedIamUserAccessKeyDetails (dict) –

          The details for an unused access analyzer finding with an unused IAM user access key finding type.

          • accessKeyId (string) –

            The ID of the access key for which the unused access finding was generated.

          • lastAccessed (datetime) –

            The time at which the access key was last accessed.

        • unusedIamRoleDetails (dict) –

          The details for an unused access analyzer finding with an unused IAM role finding type.

          • lastAccessed (datetime) –

            The time at which the role was last accessed.

        • unusedIamUserPasswordDetails (dict) –

          The details for an unused access analyzer finding with an unused IAM user password finding type.

          • lastAccessed (datetime) –

            The time at which the password was last accessed.

    • findingType (string) –

      The type of the finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission.

    • NextToken (string) –

      A token to resume pagination.
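
Added example (not part of the boto3 documentation): one way to merge the pages this paginator yields into a single triage summary, dispatching on the findingDetails tagged union and keeping any SDK_UNKNOWN_MEMBER entries visible. The names summarize_finding, SAMPLE_PAGES and the member name futureDetails are assumptions made for the illustration, and the sample pages are constructed.

```python
KNOWN_MEMBERS = ("externalAccessDetails", "unusedPermissionDetails",
                 "unusedIamUserAccessKeyDetails", "unusedIamRoleDetails",
                 "unusedIamUserPasswordDetails")

def summarize_finding(pages):
    """Merge get_finding_v2 pages (any iterable of response dicts) into one summary."""
    summary = {"id": None, "findingType": None, "status": None,
               "public": False, "external": [], "unused": [], "unknown": []}
    for page in pages:
        for key in ("id", "findingType", "status"):
            summary[key] = page.get(key, summary[key])
        for detail in page.get("findingDetails", []):
            if "SDK_UNKNOWN_MEMBER" in detail:
                # Member newer than this SDK: record it instead of silently dropping it.
                summary["unknown"].append(detail["SDK_UNKNOWN_MEMBER"]["name"])
                continue
            # Tagged union: only one known top-level key is set per entry.
            member = next((k for k in KNOWN_MEMBERS if k in detail), None)
            if member is None:
                continue
            body = detail[member]
            if member == "externalAccessDetails":
                summary["public"] = summary["public"] or body.get("isPublic", False)
                summary["external"].append({
                    "principal": body.get("principal", {}),
                    "actions": body.get("action", []),
                    "sources": [s.get("type") for s in body.get("sources", [])],
                })
            else:
                summary["unused"].append((member, body.get("lastAccessed")))
    return summary

# Constructed sample pages (not real findings), shaped like the Response Syntax.
SAMPLE_PAGES = [
    {"id": "example-finding-id", "findingType": "ExternalAccess", "status": "ACTIVE",
     "findingDetails": [{"externalAccessDetails": {
         "action": ["s3:GetObject"], "isPublic": True, "principal": {"AWS": "*"},
         "sources": [{"type": "BUCKET_ACL"}]}}]},
    {"id": "example-finding-id", "findingType": "ExternalAccess", "status": "ACTIVE",
     "findingDetails": [{"SDK_UNKNOWN_MEMBER": {"name": "futureDetails"}}]},
]

if __name__ == "__main__":
    print(summarize_finding(SAMPLE_PAGES))
    # Live use (needs AWS credentials; both arguments are placeholders):
    # import boto3
    # pager = boto3.client("accessanalyzer").get_paginator("get_finding_v2")
    # summarize_finding(pager.paginate(analyzerArn="<analyzer-arn>", id="<finding-id>"))
```

A non-empty "unknown" list means the service returned a detail type this SDK version cannot parse, so the summary is incomplete until the SDK is upgraded.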