Exclude conditions in Network Access Analyzer

A Network Access Scope produces findings only for paths that match at least one match condition, but do not match any exclude conditions.

An exclude condition can contain source, destination, and through fields. Each field is optional, but you must specify at least one field. Each source and destination can include a resource statement, a packet header statement, or both.

A through entry contains exactly one element that contains a resource statement. It excludes paths that contain the specified network component anywhere along the path, not just at the beginning or end. You can use a through entry in combination with a source, a destination, or both a source and a destination.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Match conditions

Example Network Access Scopes