GetFindingV2 - IAM Access Analyzer

GetFindingV2

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

Request Syntax

GET /findingv2/id?analyzerArn=analyzerArn&maxResults=maxResults&nextToken=nextToken HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.

analyzerArn

The ARN of the analyzer that generated the finding.

Pattern: [^:]*:[^:]*:[^:]*:[^:]*:[^:]*:analyzer/.{1,255}

Required: Yes

id

The ID of the finding to retrieve.

Required: Yes

maxResults

The maximum number of results to return in the response.

nextToken

A token used for pagination of results returned.

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200 Content-type: application/json { "analyzedAt": "string", "createdAt": "string", "error": "string", "findingDetails": [ { ... } ], "findingType": "string", "id": "string", "nextToken": "string", "resource": "string", "resourceOwnerAccount": "string", "resourceType": "string", "status": "string", "updatedAt": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

analyzedAt

The time at which the resource-based policy or IAM entity that generated the finding was analyzed.

Type: Timestamp

createdAt

The time at which the finding was created.

Type: Timestamp

error

An error.

Type: String

findingDetails

A localized message that explains the finding and provides guidance on how to address it.

Type: Array of FindingDetails objects

findingType

The type of the finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission.

Type: String

Valid Values: ExternalAccess | UnusedIAMRole | UnusedIAMUserAccessKey | UnusedIAMUserPassword | UnusedPermission

id

The ID of the finding to retrieve.

Type: String

nextToken

A token used for pagination of results returned.

Type: String

resource

The resource that generated the finding.

Type: String

resourceOwnerAccount

Tye AWS account ID that owns the resource.

Type: String

resourceType

The type of the resource identified in the finding.

Type: String

Valid Values: AWS::S3::Bucket | AWS::IAM::Role | AWS::SQS::Queue | AWS::Lambda::Function | AWS::Lambda::LayerVersion | AWS::KMS::Key | AWS::SecretsManager::Secret | AWS::EFS::FileSystem | AWS::EC2::Snapshot | AWS::ECR::Repository | AWS::RDS::DBSnapshot | AWS::RDS::DBClusterSnapshot | AWS::SNS::Topic | AWS::S3Express::DirectoryBucket | AWS::DynamoDB::Table | AWS::DynamoDB::Stream | AWS::IAM::User

status

The status of the finding.

Type: String

Valid Values: ACTIVE | ARCHIVED | RESOLVED

updatedAt

The time at which the finding was updated.

Type: Timestamp

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

InternalServerException

Internal server error.

HTTP Status Code: 500

ResourceNotFoundException

The specified resource could not be found.

HTTP Status Code: 404

ThrottlingException

Throttling limit exceeded error.

HTTP Status Code: 429

ValidationException

Validation exception error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: