AccessAnalyzer / Client / list_findings
list_findings#
- AccessAnalyzer.Client.list_findings(**kwargs)#
Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use
access-analyzer:ListFindings
in theAction
element of an IAM policy statement. You must have permission to perform theaccess-analyzer:ListFindings
action.To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.
See also: AWS API Documentation
Request Syntax
response = client.list_findings( analyzerArn='string', filter={ 'string': { 'eq': [ 'string', ], 'neq': [ 'string', ], 'contains': [ 'string', ], 'exists': True|False } }, sort={ 'attributeName': 'string', 'orderBy': 'ASC'|'DESC' }, nextToken='string', maxResults=123 )
- Parameters:
analyzerArn (string) –
[REQUIRED]
The ARN of the analyzer to retrieve findings from.
filter (dict) –
A filter to match for the findings to return.
(string) –
(dict) –
The criteria to use in the filter that defines the archive rule. For more information on available filter keys, see IAM Access Analyzer filter keys.
eq (list) –
An “equals” operator to match for the filter used to create the rule.
(string) –
neq (list) –
A “not equals” operator to match for the filter used to create the rule.
(string) –
contains (list) –
A “contains” operator to match for the filter used to create the rule.
(string) –
exists (boolean) –
An “exists” operator to match for the filter used to create the rule.
sort (dict) –
The sort order for the findings returned.
attributeName (string) –
The name of the attribute to sort on.
orderBy (string) –
The sort order, ascending or descending.
nextToken (string) – A token used for pagination of results returned.
maxResults (integer) – The maximum number of results to return in the response.
- Return type:
dict
- Returns:
Response Syntax
{ 'findings': [ { 'id': 'string', 'principal': { 'string': 'string' }, 'action': [ 'string', ], 'resource': 'string', 'isPublic': True|False, 'resourceType': 'AWS::S3::Bucket'|'AWS::IAM::Role'|'AWS::SQS::Queue'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::KMS::Key'|'AWS::SecretsManager::Secret'|'AWS::EFS::FileSystem'|'AWS::EC2::Snapshot'|'AWS::ECR::Repository'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBClusterSnapshot'|'AWS::SNS::Topic'|'AWS::S3Express::DirectoryBucket'|'AWS::DynamoDB::Table'|'AWS::DynamoDB::Stream'|'AWS::IAM::User', 'condition': { 'string': 'string' }, 'createdAt': datetime(2015, 1, 1), 'analyzedAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1), 'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED', 'resourceOwnerAccount': 'string', 'error': 'string', 'sources': [ { 'type': 'POLICY'|'BUCKET_ACL'|'S3_ACCESS_POINT'|'S3_ACCESS_POINT_ACCOUNT', 'detail': { 'accessPointArn': 'string', 'accessPointAccount': 'string' } }, ], 'resourceControlPolicyRestriction': 'APPLICABLE'|'FAILED_TO_EVALUATE_RCP'|'NOT_APPLICABLE' }, ], 'nextToken': 'string' }
Response Structure
(dict) –
The response to the request.
findings (list) –
A list of findings retrieved from the analyzer that match the filter criteria specified, if any.
(dict) –
Contains information about a finding.
id (string) –
The ID of the finding.
principal (dict) –
The external principal that has access to a resource within the zone of trust.
(string) –
(string) –
action (list) –
The action in the analyzed policy statement that an external principal has permission to use.
(string) –
resource (string) –
The resource that the external principal has access to.
isPublic (boolean) –
Indicates whether the finding reports a resource that has a policy that allows public access.
resourceType (string) –
The type of the resource that the external principal has access to.
condition (dict) –
The condition in the analyzed policy statement that resulted in a finding.
(string) –
(string) –
createdAt (datetime) –
The time at which the finding was created.
analyzedAt (datetime) –
The time at which the resource-based policy that generated the finding was analyzed.
updatedAt (datetime) –
The time at which the finding was most recently updated.
status (string) –
The status of the finding.
resourceOwnerAccount (string) –
The Amazon Web Services account ID that owns the resource.
error (string) –
The error that resulted in an Error finding.
sources (list) –
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
(dict) –
The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
type (string) –
Indicates the type of access that generated the finding.
detail (dict) –
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
accessPointArn (string) –
The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.
accessPointAccount (string) –
The account of the cross-account access point that generated the finding.
resourceControlPolicyRestriction (string) –
The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).
nextToken (string) –
A token used for pagination of results returned.
Exceptions
AccessAnalyzer.Client.exceptions.ResourceNotFoundException
AccessAnalyzer.Client.exceptions.ValidationException
AccessAnalyzer.Client.exceptions.InternalServerException
AccessAnalyzer.Client.exceptions.ThrottlingException
AccessAnalyzer.Client.exceptions.AccessDeniedException