StartPolicyGeneration - IAM Access Analyzer

StartPolicyGeneration

Starts the policy generation request.

Request Syntax

PUT /policy/generation HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "cloudTrailDetails": {
      "accessRole": "string",
      "endTime": "string",
      "startTime": "string",
      "trails": [
         {
            "allRegions": boolean,
            "cloudTrailArn": "string",
            "regions": [ "string" ]
         }
      ]
   },
   "policyGenerationDetails": {
      "principalArn": "string"
   }
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientToken

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect.

If you do not specify a client token, one is automatically generated by the AWS SDK.

Type: String

Required: No

cloudTrailDetails

A CloudTrailDetails object that contains details about a Trail that you want to analyze to generate policies.

Type: CloudTrailDetails object

Required: No

policyGenerationDetails

Contains the ARN of the IAM entity (user or role) for which you are generating a policy.

Type: PolicyGenerationDetails object

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "jobId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

jobId

The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

A conflict exception error.

HTTP Status Code: 409

InternalServerException

Internal server error.

HTTP Status Code: 500

ServiceQuotaExceededException

Service quota met error.

HTTP Status Code: 402

ThrottlingException

Throttling limit exceeded error.

HTTP Status Code: 429

ValidationException

Validation exception error.

HTTP Status Code: 400
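
The clientToken description and the error list above combine into one client-side pattern: build the request body once, then retry throttling and internal errors with the same clientToken so that a retry cannot start a second generation job. The Python below is an added example, not AWS SDK code. The send callable, the ISO 8601 UTC timestamp format, the endTime check, and the choice of which status codes to retry are assumptions.

```python
import json
import time
import uuid
from datetime import timezone

RETRYABLE = {429, 500}  # ThrottlingException, InternalServerException


def _ts(dt):
    # Assumption: timestamps are sent as ISO 8601 UTC strings.
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_request(principal_arn, access_role, trail_arn, start, end, client_token=None):
    """Build the JSON body for PUT /policy/generation."""
    if end <= start:
        raise ValueError("endTime must be later than startTime")  # local sanity check
    return {
        # One token per logical request, reused unchanged on every retry.
        "clientToken": client_token or str(uuid.uuid4()),
        "cloudTrailDetails": {
            "accessRole": access_role,
            "startTime": _ts(start),
            "endTime": _ts(end),
            "trails": [{"cloudTrailArn": trail_arn, "allRegions": True}],
        },
        "policyGenerationDetails": {"principalArn": principal_arn},
    }


def start_policy_generation(send, body, max_attempts=4, backoff=0.5):
    """Send the request, retrying 429/500 with the same body and clientToken.

    `send(method, path, payload)` is a hypothetical transport returning
    (http_status, parsed_json); signing and endpoint handling are out of scope.
    """
    payload = json.dumps(body)  # serialized once so every retry is identical
    for attempt in range(max_attempts):
        status, resp = send("PUT", "/policy/generation", payload)
        if status == 200:
            return resp["jobId"]
        if status not in RETRYABLE:
            # Other errors (400, 402, 403, 409) are surfaced, not retried.
            raise RuntimeError(f"StartPolicyGeneration failed with HTTP {status}")
        time.sleep(backoff * 2 ** attempt)
    raise RuntimeError("StartPolicyGeneration: retries exhausted")
```

The returned jobId is the value passed to GetGeneratedPolicy or CancelPolicyGeneration.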
