AccessAnalyzer / Client / list_findings_v2

list_findings_v2

AccessAnalyzer.Client.list_findings_v2(**kwargs)

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

response = client.list_findings_v2(
    analyzerArn='string',
    filter={
        'string': {
            'eq': [
                'string',
            ],
            'neq': [
                'string',
            ],
            'contains': [
                'string',
            ],
            'exists': True|False
        }
    },
    maxResults=123,
    nextToken='string',
    sort={
        'attributeName': 'string',
        'orderBy': 'ASC'|'DESC'
    }
)
Parameters:
  • analyzerArn (string) –

    [REQUIRED]

    The ARN of the analyzer to retrieve findings from.

  • filter (dict) –

    A filter to match for the findings to return.

    • (string) –

      • (dict) –

The criteria to apply for this filter key. For more information on available filter keys, see IAM Access Analyzer filter keys.

        • eq (list) –

An “equals” operator to match against for this filter key.

          • (string) –

        • neq (list) –

A “not equals” operator to match against for this filter key.

          • (string) –

        • contains (list) –

A “contains” operator to match against for this filter key.

          • (string) –

        • exists (boolean) –

An “exists” operator to match against for this filter key.

  • maxResults (integer) – The maximum number of results to return in the response.

  • nextToken (string) – A token used for pagination of results returned.

  • sort (dict) –

    The criteria used to sort.

    • attributeName (string) –

      The name of the attribute to sort on.

    • orderBy (string) –

      The sort order, ascending or descending.

Return type:

dict

Returns:

Response Syntax

{
    'findings': [
        {
            'analyzedAt': datetime(2015, 1, 1),
            'createdAt': datetime(2015, 1, 1),
            'error': 'string',
            'id': 'string',
            'resource': 'string',
            'resourceType': 'AWS::S3::Bucket'|'AWS::IAM::Role'|'AWS::SQS::Queue'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::KMS::Key'|'AWS::SecretsManager::Secret'|'AWS::EFS::FileSystem'|'AWS::EC2::Snapshot'|'AWS::ECR::Repository'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBClusterSnapshot'|'AWS::SNS::Topic'|'AWS::S3Express::DirectoryBucket'|'AWS::DynamoDB::Table'|'AWS::DynamoDB::Stream'|'AWS::IAM::User',
            'resourceOwnerAccount': 'string',
            'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
            'updatedAt': datetime(2015, 1, 1),
            'findingType': 'ExternalAccess'|'UnusedIAMRole'|'UnusedIAMUserAccessKey'|'UnusedIAMUserPassword'|'UnusedPermission'|'InternalAccess'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • findings (list) –

      A list of findings retrieved from the analyzer that match the filter criteria specified, if any.

      • (dict) –

        Contains information about a finding.

        • analyzedAt (datetime) –

          The time at which the resource-based policy or IAM entity that generated the finding was analyzed.

        • createdAt (datetime) –

          The time at which the finding was created.

        • error (string) –

          The error that resulted in an Error finding.

        • id (string) –

          The ID of the finding.

        • resource (string) –

          The resource that the external principal has access to.

        • resourceType (string) –

          The type of the resource that the external principal has access to.

        • resourceOwnerAccount (string) –

          The Amazon Web Services account ID that owns the resource.

        • status (string) –

          The status of the finding.

        • updatedAt (datetime) –

          The time at which the finding was most recently updated.

        • findingType (string) –

          The type of the access finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission. For internal access analyzers, the type is InternalAccess.

    • nextToken (string) –

      A token used for pagination of results returned.
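An added example, not part of the boto3 documentation, showing the request and response shapes above in use: it builds the `filter` argument for ACTIVE ExternalAccess findings, follows `nextToken` until the service omits it, and tallies findings by `resourceType`. The client is passed in so that the constructed `StubAccessAnalyzer` class can stand in for `boto3.client("accessanalyzer")` offline; `ANALYZER_ARN` is a placeholder.

```python
from collections import Counter


def build_filter(statuses=("ACTIVE",), finding_types=("ExternalAccess",)):
    """Build the `filter` argument: one criterion dict per Access Analyzer filter key."""
    return {"status": {"eq": list(statuses)}, "findingType": {"eq": list(finding_types)}}


def iter_findings(client, analyzer_arn, finding_filter, page_size=100):
    """Yield every matching finding, following nextToken until the service omits it."""
    kwargs = {"analyzerArn": analyzer_arn, "filter": finding_filter, "maxResults": page_size,
              "sort": {"attributeName": "updatedAt", "orderBy": "DESC"}}
    while True:
        resp = client.list_findings_v2(**kwargs)
        yield from resp.get("findings", [])
        token = resp.get("nextToken")
        if not token:  # last page: no nextToken in the response
            return
        kwargs["nextToken"] = token


def count_by_resource_type(client, analyzer_arn):
    """Count ACTIVE ExternalAccess findings per resourceType across all pages."""
    return dict(Counter(f["resourceType"]
                        for f in iter_findings(client, analyzer_arn, build_filter())))


def _finding(fid, rtype):
    # Constructed sample finding carrying only the response fields this example uses.
    return {"id": fid, "resourceType": rtype, "status": "ACTIVE", "findingType": "ExternalAccess"}


class StubAccessAnalyzer:
    """Constructed offline stand-in for the boto3 client: returns two pages, then no token."""
    def __init__(self):
        self.calls = []  # every kwargs dict the paginator sent, for inspection

    def list_findings_v2(self, **kwargs):
        self.calls.append(dict(kwargs))
        if kwargs.get("nextToken") == "page-2":
            return {"findings": [_finding("f-3", "AWS::S3::Bucket")]}
        return {"findings": [_finding("f-1", "AWS::S3::Bucket"), _finding("f-2", "AWS::IAM::Role")],
                "nextToken": "page-2"}


# Placeholder ARN; substitute your analyzer's ARN when using a real boto3 client.
ANALYZER_ARN = "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/placeholder"

if __name__ == "__main__":
    print(count_by_resource_type(StubAccessAnalyzer(), ANALYZER_ARN))
```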

Exceptions

  • AccessAnalyzer.Client.exceptions.ResourceNotFoundException

  • AccessAnalyzer.Client.exceptions.ValidationException

  • AccessAnalyzer.Client.exceptions.InternalServerException

  • AccessAnalyzer.Client.exceptions.ThrottlingException

  • AccessAnalyzer.Client.exceptions.AccessDeniedException