AccessAnalyzer / Client / list_analyzers



Retrieves a list of analyzers.

See also: AWS API Documentation

Request Syntax

response = client.list_analyzers(
  • nextToken (string) – A token used for pagination of results returned.

  • maxResults (integer) – The maximum number of results to return in the response.

  • type (string) – The type of analyzer.

Return type:



Response Syntax

    'analyzers': [
            'arn': 'string',
            'name': 'string',
            'createdAt': datetime(2015, 1, 1),
            'lastResourceAnalyzed': 'string',
            'lastResourceAnalyzedAt': datetime(2015, 1, 1),
            'tags': {
                'string': 'string'
            'status': 'ACTIVE'|'CREATING'|'DISABLED'|'FAILED',
            'statusReason': {
            'configuration': {
                'unusedAccess': {
                    'unusedAccessAge': 123
    'nextToken': 'string'

Response Structure

  • (dict) –

    The response to the request.

    • analyzers (list) –

      The analyzers retrieved.

      • (dict) –

        Contains information about the analyzer.

        • arn (string) –

          The ARN of the analyzer.

        • name (string) –

          The name of the analyzer.

        • type (string) –

          The type of analyzer, which corresponds to the zone of trust chosen for the analyzer.

        • createdAt (datetime) –

          A timestamp for the time at which the analyzer was created.

        • lastResourceAnalyzed (string) –

          The resource that was most recently analyzed by the analyzer.

        • lastResourceAnalyzedAt (datetime) –

          The time at which the most recently analyzed resource was analyzed.

        • tags (dict) –

          The tags added to the analyzer.

          • (string) –

            • (string) –

        • status (string) –

          The status of the analyzer. An Active analyzer successfully monitors supported resources and generates new findings. The analyzer is Disabled when a user action, such as removing trusted access for Identity and Access Management Access Analyzer from Organizations, causes the analyzer to stop generating new findings. The status is Creating when the analyzer creation is in progress and Failed when the analyzer creation has failed.

        • statusReason (dict) –

          The statusReason provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.

          • code (string) –

            The reason code for the current status of the analyzer.

        • configuration (dict) –

          Specifies whether the analyzer is an external access or unused access analyzer.


          This is a Tagged Union structure. Only one of the following top level keys will be set: unusedAccess. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          • unusedAccess (dict) –

            Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account. External access analyzers do not support any configuration.

            • unusedAccessAge (integer) –

              The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn’t been used in 90 or more days since the analyzer’s last scan. You can choose a value between 1 and 180 days.

    • nextToken (string) –

      A token used for pagination of results returned.


  • AccessAnalyzer.Client.exceptions.ValidationException

  • AccessAnalyzer.Client.exceptions.InternalServerException

  • AccessAnalyzer.Client.exceptions.ThrottlingException

  • AccessAnalyzer.Client.exceptions.AccessDeniedException