Class: Aws::AccessAnalyzer::Types::InternalAccessDetails
- Inherits:
- 
      Struct
      
        - Object
- Struct
- Aws::AccessAnalyzer::Types::InternalAccessDetails
 
- Defined in:
- gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb
Overview
Contains information about an internal access finding. This includes details about the access that was identified within your Amazon Web Services organization or account.
Constant Summary collapse
- SENSITIVE =
- [] 
Instance Attribute Summary collapse
- 
  
    
      #access_type  ⇒ String 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The type of internal access identified in the finding. 
- 
  
    
      #action  ⇒ Array<String> 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The action in the analyzed policy statement that has internal access permission to use. 
- 
  
    
      #condition  ⇒ Hash<String,String> 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The condition in the analyzed policy statement that resulted in an internal access finding. 
- 
  
    
      #principal  ⇒ Hash<String,String> 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The principal that has access to a resource within the internal environment. 
- 
  
    
      #principal_owner_account  ⇒ String 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The Amazon Web Services account ID that owns the principal identified in the internal access finding. 
- 
  
    
      #principal_type  ⇒ String 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The type of principal identified in the internal access finding, such as IAM role or IAM user. 
- 
  
    
      #resource_control_policy_restriction  ⇒ String 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP). 
- 
  
    
      #service_control_policy_restriction  ⇒ String 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The type of restriction applied to the finding by an Organizations service control policy (SCP). 
- 
  
    
      #sources  ⇒ Array<Types::FindingSource> 
    
    
  
  
  
  
    
    
  
  
  
  
  
  
    The sources of the internal access finding. 
Instance Attribute Details
#access_type ⇒ String
The type of internal access identified in the finding. This indicates how the access is granted within your Amazon Web Services environment.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#action ⇒ Array<String>
The action in the analyzed policy statement that has internal access permission to use.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#condition ⇒ Hash<String,String>
The condition in the analyzed policy statement that resulted in an internal access finding.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#principal ⇒ Hash<String,String>
The principal that has access to a resource within the internal environment.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#principal_owner_account ⇒ String
The Amazon Web Services account ID that owns the principal identified in the internal access finding.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#principal_type ⇒ String
The type of principal identified in the internal access finding, such as IAM role or IAM user.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#resource_control_policy_restriction ⇒ String
The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).
- APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if- s3:DeleteObjectis blocked by the RCP and the restriction is- APPLICABLE, then- s3:DeleteObjectwould still be included in the list of actions for the finding. Only applicable to internal access findings with the account as the zone of trust.
- FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.
- NOT_APPLICABLE: There was no RCP present in the organization. For internal access findings with the account as the zone of trust,- NOT_APPLICABLEcould also indicate that there was no RCP applicable to the resource.
- APPLIED: An RCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. For example, if- s3:DeleteObjectis blocked by the RCP and the restriction is- APPLIED, then- s3:DeleteObjectwould not be included in the list of actions for the finding. Only applicable to internal access findings with the organization as the zone of trust.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#service_control_policy_restriction ⇒ String
The type of restriction applied to the finding by an Organizations service control policy (SCP).
- APPLICABLE: There is an SCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. Only applicable to internal access findings with the account as the zone of trust.
- FAILED_TO_EVALUATE_SCP: There was an error evaluating the SCP.
- NOT_APPLICABLE: There was no SCP present in the organization. For internal access findings with the account as the zone of trust,- NOT_APPLICABLEcould also indicate that there was no SCP applicable to the principal.
- APPLIED: An SCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. Only applicable to internal access findings with the organization as the zone of trust.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end | 
#sources ⇒ Array<Types::FindingSource>
The sources of the internal access finding. This indicates how the access that generated the finding is granted within your Amazon Web Services environment.
| 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 | # File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 2734 class InternalAccessDetails < Struct.new( :action, :condition, :principal, :principal_owner_account, :access_type, :principal_type, :sources, :resource_control_policy_restriction, :service_control_policy_restriction) SENSITIVE = [] include Aws::Structure end |