Class: Aws::AccessAnalyzer::Types::AccessPreviewFinding

Inherits:

Struct

• Object
• Struct
• Aws::AccessAnalyzer::Types::AccessPreviewFinding

Defined in:

gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb

Overview

An access preview finding generated by the access preview.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #action ⇒ Array<String>

  The action in the analyzed policy statement that an external principal has permission to perform.

• #change_type ⇒ String

  Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.

• #condition ⇒ Hash<String,String>

  The condition in the analyzed policy statement that resulted in a finding.

• #created_at ⇒ Time

  The time at which the access preview finding was created.

• #error ⇒ String

  An error.

• #existing_finding_id ⇒ String

  The existing ID of the finding in IAM Access Analyzer, provided only for existing findings.

• #existing_finding_status ⇒ String

  The existing status of the finding, provided only for existing findings.

• #id ⇒ String

  The ID of the access preview finding.

• #is_public ⇒ Boolean

  Indicates whether the policy that generated the finding allows public access to the resource.

• #principal ⇒ Hash<String,String>

  The external principal that has access to a resource within the zone of trust.

• #resource ⇒ String

  The resource that an external principal has access to.

• #resource_control_policy_restriction ⇒ String

  The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

• #resource_owner_account ⇒ String

  The Amazon Web Services account ID that owns the resource.

• #resource_type ⇒ String

  The type of the resource that can be accessed in the finding.

• #sources ⇒ Array<Types::FindingSource>

  The sources of the finding.

• #status ⇒ String

  The preview status of the finding.

Instance Attribute Details

#action ⇒ Array<String>

The action in the analyzed policy statement that an external principal has permission to perform.

Returns:

• (Array<String>)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#change_type ⇒ String

Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.

• New - The finding is for newly-introduced access.

• Unchanged - The preview finding is an existing finding that would remain unchanged.

• Changed - The preview finding is an existing finding with a change in status.

For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#condition ⇒ Hash<String,String>

The condition in the analyzed policy statement that resulted in a finding.

Returns:

• (Hash<String,String>)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#created_at ⇒ Time

The time at which the access preview finding was created.

Returns:

• (Time)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#error ⇒ String

An error.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#existing_finding_id ⇒ String

The existing ID of the finding in IAM Access Analyzer, provided only for existing findings.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#existing_finding_status ⇒ String

The existing status of the finding, provided only for existing findings.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#id ⇒ String

The ID of the access preview finding. This ID uniquely identifies the element in the list of access preview findings and is not related to the finding ID in Access Analyzer.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#is_public ⇒ Boolean

Indicates whether the policy that generated the finding allows public access to the resource.

Returns:

• (Boolean)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#principal ⇒ Hash<String,String>

The external principal that has access to a resource within the zone of trust.

Returns:

• (Hash<String,String>)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#resource ⇒ String

The resource that an external principal has access to. This is the resource associated with the access preview.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#resource_control_policy_restriction ⇒ String

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#resource_owner_account ⇒ String

The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#resource_type ⇒ String

The type of the resource that can be accessed in the finding.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#sources ⇒ Array<Types::FindingSource>

The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

Returns:

• (Array<Types::FindingSource>)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end

#status ⇒ String

The preview status of the finding. This is what the status of the finding would be after permissions deployment. For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.

Returns:

• (String)

# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 202

class AccessPreviewFinding < Struct.new(
  :id,
  :existing_finding_id,
  :existing_finding_status,
  :principal,
  :action,
  :condition,
  :resource,
  :is_public,
  :resource_type,
  :created_at,
  :change_type,
  :status,
  :resource_owner_account,
  :error,
  :sources,
  :resource_control_policy_restriction)
  SENSITIVE = []
  include Aws::Structure
end