AWS::AccessAnalyzer::Analyzer InternalAccessAnalysisRuleCriteria - AWS CloudFormation


AWS::AccessAnalyzer::Analyzer InternalAccessAnalysisRuleCriteria

The criteria for an analysis rule for an internal access analyzer.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "AccountIds" : [ String, ... ],
  "ResourceArns" : [ String, ... ],
  "ResourceTypes" : [ String, ... ]
}

YAML

AccountIds:
  - String
ResourceArns:
  - String
ResourceTypes:
  - String

Properties

AccountIds

A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.

Required: No

Type: Array of String

Update requires: Some interruptions

ResourceArns

A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.

Required: No

Type: Array of String

Update requires: Some interruptions

ResourceTypes

A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. These resource types are currently supported for internal access analyzers:

  • AWS::S3::Bucket

  • AWS::RDS::DBSnapshot

  • AWS::RDS::DBClusterSnapshot

  • AWS::S3Express::DirectoryBucket

  • AWS::DynamoDB::Table

  • AWS::DynamoDB::Stream

Required: No

Type: Array of String

Update requires: Some interruptions
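
A pre-deployment lint for the three properties above, as an added example that is not part of the AWS documentation: it checks one criteria mapping against the constraints this page states (array-of-string types, the supported resource type list, AccountIds only for organization-level analyzers). The function name lint_criteria, the org_level flag, the loose ARN shape check and the sample values are assumptions of this example.

```python
import re

# Resource types the page lists as supported for internal access analyzers.
SUPPORTED_TYPES = {
    "AWS::S3::Bucket", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot",
    "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream",
}
ALLOWED_KEYS = {"AccountIds", "ResourceArns", "ResourceTypes"}
ACCOUNT_ID = re.compile(r"\d{12}")  # AWS account IDs are 12 digits
ARN = re.compile(r"arn:[^:]+:[^:]+:[^:]*:[^:]*:.+")  # loose shape check only

def lint_criteria(criteria, org_level):
    """Return problems found in one InternalAccessAnalysisRuleCriteria mapping.

    org_level is a hypothetical caller-supplied flag: True when the enclosing
    analyzer is organization-level.
    """
    problems = [f"unknown property: {k}" for k in sorted(set(criteria) - ALLOWED_KEYS)]
    values = {}
    for key in sorted(ALLOWED_KEYS & set(criteria)):
        value = criteria[key]
        if isinstance(value, list) and all(isinstance(v, str) for v in value):
            values[key] = value
        else:
            problems.append(f"{key}: must be an array of strings")
    accounts = values.get("AccountIds", [])
    if accounts and not org_level:
        problems.append("AccountIds: only valid for organization-level analyzers")
    problems += [f"AccountIds: not a 12-digit account ID: {a}"
                 for a in accounts if not ACCOUNT_ID.fullmatch(a)]
    # Only the resource types listed on the page are accepted here.
    problems += [f"ResourceTypes: unsupported type: {t}"
                 for t in values.get("ResourceTypes", []) if t not in SUPPORTED_TYPES]
    problems += [f"ResourceArns: not an ARN: {r}"
                 for r in values.get("ResourceArns", []) if not ARN.fullmatch(r)]
    return problems

# Constructed sample criteria (not from the page).
SAMPLE_OK = {"ResourceTypes": ["AWS::S3::Bucket"],
             "ResourceArns": ["arn:aws:s3:::example-bucket"]}
SAMPLE_BAD = {"AccountIds": ["111122223333", "1234"],
              "ResourceTypes": ["AWS::Lambda::Function"],
              "ResourceArns": ["example-bucket"], "Resources": []}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, lint_criteria(sample, org_level=False))
```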