AccessAnalyzer / Client / get_analyzed_resource

get_analyzed_resource#

AccessAnalyzer.Client.get_analyzed_resource(**kwargs)#

Retrieves information about a resource that was analyzed.

See also: AWS API Documentation

Request Syntax

response = client.get_analyzed_resource(
    analyzerArn='string',
    resourceArn='string'
)
Parameters:
  • analyzerArn (string) –

    [REQUIRED]

    The ARN of the analyzer to retrieve information from.

  • resourceArn (string) –

    [REQUIRED]

    The ARN of the resource to retrieve information about.

Return type:

dict

Returns:

Response Syntax

{
    'resource': {
        'resourceArn': 'string',
        'resourceType': 'AWS::S3::Bucket'|'AWS::IAM::Role'|'AWS::SQS::Queue'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::KMS::Key'|'AWS::SecretsManager::Secret'|'AWS::EFS::FileSystem'|'AWS::EC2::Snapshot'|'AWS::ECR::Repository'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBClusterSnapshot'|'AWS::SNS::Topic'|'AWS::S3Express::DirectoryBucket'|'AWS::DynamoDB::Table'|'AWS::DynamoDB::Stream'|'AWS::IAM::User',
        'createdAt': datetime(2015, 1, 1),
        'analyzedAt': datetime(2015, 1, 1),
        'updatedAt': datetime(2015, 1, 1),
        'isPublic': True|False,
        'actions': [
            'string',
        ],
        'sharedVia': [
            'string',
        ],
        'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
        'resourceOwnerAccount': 'string',
        'error': 'string'
    }
}

Response Structure

  • (dict) –

    The response to the request.

    • resource (dict) –

      An AnalyzedResource object that contains information that IAM Access Analyzer found when it analyzed the resource.

      • resourceArn (string) –

        The ARN of the resource that was analyzed.

      • resourceType (string) –

        The type of the resource that was analyzed.

      • createdAt (datetime) –

        The time at which the finding was created.

      • analyzedAt (datetime) –

        The time at which the resource was analyzed.

      • updatedAt (datetime) –

        The time at which the finding was updated.

      • isPublic (boolean) –

        Indicates whether the policy that generated the finding grants public access to the resource.

      • actions (list) –

        The actions that an external principal is granted permission to use by the policy that generated the finding.

        • (string) –

      • sharedVia (list) –

        Indicates how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.

        • (string) –

      • status (string) –

        The current status of the finding generated from the analyzed resource.

      • resourceOwnerAccount (string) –

        The Amazon Web Services account ID that owns the resource.

      • error (string) –

        An error message.

Exceptions

  • AccessAnalyzer.Client.exceptions.ResourceNotFoundException

  • AccessAnalyzer.Client.exceptions.ValidationException

  • AccessAnalyzer.Client.exceptions.InternalServerException

  • AccessAnalyzer.Client.exceptions.ThrottlingException

  • AccessAnalyzer.Client.exceptions.AccessDeniedException