/*
 * Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 *
 * http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.accessanalyzer;

import javax.annotation.Generated;

import com.amazonaws.*;
import com.amazonaws.regions.*;

import com.amazonaws.services.accessanalyzer.model.*;

/**
 * Interface for accessing Access Analyzer.
 *
 * Note: Do not directly implement this interface, new methods are added to it regularly. Extend from
 * {@link com.amazonaws.services.accessanalyzer.AbstractAWSAccessAnalyzer} instead.
 *
 * Identity and Access Management Access Analyzer helps identify potential resource-access risks by enabling you to
 * identify any policies that grant access to an external principal. It does this by using logic-based reasoning to
 * analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon
 * Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an
 * anonymous user. You can also use IAM Access Analyzer to preview and validate public and cross-account access to your
 * resources before deploying permissions changes. This guide describes the Identity and Access Management Access
 * Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see
 * Identity and Access Management Access Analyzer in the IAM User Guide.
 *
 * To start using IAM Access Analyzer, you first need to create an analyzer.
 */
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public interface AWSAccessAnalyzer {

    /**
     * The region metadata service name for computing region endpoints. You can use this value to retrieve metadata
     * (such as supported regions) of the service.
     *
     * @see RegionUtils#getRegionsForService(String)
     */
    String ENDPOINT_PREFIX = "access-analyzer";

    /**
     * Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
     *
     * @param applyArchiveRuleRequest
     *        Retroactively applies an archive rule.
     * @return Result of the ApplyArchiveRule operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ApplyArchiveRule
     * @see AWS API Documentation
     */
    ApplyArchiveRuleResult applyArchiveRule(ApplyArchiveRuleRequest applyArchiveRuleRequest);

    /**
     * Cancels the requested policy generation.
     *
     * @param cancelPolicyGenerationRequest
     * @return Result of the CancelPolicyGeneration operation returned by the service.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.CancelPolicyGeneration
     * @see AWS API Documentation
     */
    CancelPolicyGenerationResult cancelPolicyGeneration(CancelPolicyGenerationRequest cancelPolicyGenerationRequest);

    /**
     * Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before
     * deploying resource permissions.
     *
     * @param createAccessPreviewRequest
     * @return Result of the CreateAccessPreview operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ConflictException
     *         A conflict exception error.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ServiceQuotaExceededException
     *         Service quota met error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.CreateAccessPreview
     * @see AWS API Documentation
     */
    CreateAccessPreviewResult createAccessPreview(CreateAccessPreviewRequest createAccessPreviewRequest);

    /**
     * Creates an analyzer for your account.
     *
     * @param createAnalyzerRequest
     *        Creates an analyzer.
     * @return Result of the CreateAnalyzer operation returned by the service.
     * @throws ConflictException
     *         A conflict exception error.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ServiceQuotaExceededException
     *         Service quota met error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.CreateAnalyzer
     * @see AWS API Documentation
     */
    CreateAnalyzerResult createAnalyzer(CreateAnalyzerRequest createAnalyzerRequest);

    /**
     * Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet
     * the criteria you define when you create the rule.
     *
     * To learn about filter keys that you can use to create an archive rule, see IAM Access
     * Analyzer filter keys in the IAM User Guide.
     *
     * @param createArchiveRuleRequest
     *        Creates an archive rule.
     * @return Result of the CreateArchiveRule operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ConflictException
     *         A conflict exception error.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ServiceQuotaExceededException
     *         Service quota met error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.CreateArchiveRule
     * @see AWS API Documentation
     */
    CreateArchiveRuleResult createArchiveRule(CreateArchiveRuleRequest createArchiveRuleRequest);

    /**
     * Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or
     * organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You
     * cannot undo this action.
     *
     * @param deleteAnalyzerRequest
     *        Deletes an analyzer.
     * @return Result of the DeleteAnalyzer operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.DeleteAnalyzer
     * @see AWS API Documentation
     */
    DeleteAnalyzerResult deleteAnalyzer(DeleteAnalyzerRequest deleteAnalyzerRequest);

    /**
     * Deletes the specified archive rule.
     *
     * @param deleteArchiveRuleRequest
     *        Deletes an archive rule.
     * @return Result of the DeleteArchiveRule operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.DeleteArchiveRule
     * @see AWS API Documentation
     */
    DeleteArchiveRuleResult deleteArchiveRule(DeleteArchiveRuleRequest deleteArchiveRuleRequest);

    /**
     * Retrieves information about an access preview for the specified analyzer.
     *
     * @param getAccessPreviewRequest
     * @return Result of the GetAccessPreview operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.GetAccessPreview
     * @see AWS API Documentation
     */
    GetAccessPreviewResult getAccessPreview(GetAccessPreviewRequest getAccessPreviewRequest);

    /**
     * Retrieves information about a resource that was analyzed.
     *
     * @param getAnalyzedResourceRequest
     *        Retrieves an analyzed resource.
     * @return Result of the GetAnalyzedResource operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.GetAnalyzedResource
     * @see AWS API Documentation
     */
    GetAnalyzedResourceResult getAnalyzedResource(GetAnalyzedResourceRequest getAnalyzedResourceRequest);

    /**
     * Retrieves information about the specified analyzer.
     *
     * @param getAnalyzerRequest
     *        Retrieves an analyzer.
     * @return Result of the GetAnalyzer operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.GetAnalyzer
     * @see AWS API Documentation
     */
    GetAnalyzerResult getAnalyzer(GetAnalyzerRequest getAnalyzerRequest);

    /**
     * Retrieves information about an archive rule.
     *
     * To learn about filter keys that you can use to create an archive rule, see IAM Access
     * Analyzer filter keys in the IAM User Guide.
     *
     * @param getArchiveRuleRequest
     *        Retrieves an archive rule.
     * @return Result of the GetArchiveRule operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.GetArchiveRule
     * @see AWS API Documentation
     */
    GetArchiveRuleResult getArchiveRule(GetArchiveRuleRequest getArchiveRuleRequest);

    /**
     * Retrieves information about the specified finding.
     *
     * @param getFindingRequest
     *        Retrieves a finding.
     * @return Result of the GetFinding operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.GetFinding
     * @see AWS API Documentation
     */
    GetFindingResult getFinding(GetFindingRequest getFindingRequest);

    /**
     * Retrieves the policy that was generated using StartPolicyGeneration.
     *
     * Retrieves a list of access preview findings generated by the specified access preview.
     *
     * @param listAccessPreviewFindingsRequest
     * @return Result of the ListAccessPreviewFindings operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ConflictException
     *         A conflict exception error.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListAccessPreviewFindings
     * @see AWS API Documentation
     */
    ListAccessPreviewFindingsResult listAccessPreviewFindings(ListAccessPreviewFindingsRequest listAccessPreviewFindingsRequest);

    /**
     * Retrieves a list of access previews for the specified analyzer.
     *
     * @param listAccessPreviewsRequest
     * @return Result of the ListAccessPreviews operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListAccessPreviews
     * @see AWS API Documentation
     */
    ListAccessPreviewsResult listAccessPreviews(ListAccessPreviewsRequest listAccessPreviewsRequest);

    /**
     * Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.
     *
     * @param listAnalyzedResourcesRequest
     *        Retrieves a list of resources that have been analyzed.
     * @return Result of the ListAnalyzedResources operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListAnalyzedResources
     * @see AWS API Documentation
     */
    ListAnalyzedResourcesResult listAnalyzedResources(ListAnalyzedResourcesRequest listAnalyzedResourcesRequest);

    /**
     * Retrieves a list of analyzers.
     *
     * @param listAnalyzersRequest
     *        Retrieves a list of analyzers.
     * @return Result of the ListAnalyzers operation returned by the service.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListAnalyzers
     * @see AWS API Documentation
     */
    ListAnalyzersResult listAnalyzers(ListAnalyzersRequest listAnalyzersRequest);

    /**
     * Retrieves a list of archive rules created for the specified analyzer.
     *
     * @param listArchiveRulesRequest
     *        Retrieves a list of archive rules created for the specified analyzer.
     * @return Result of the ListArchiveRules operation returned by the service.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListArchiveRules
     * @see AWS API Documentation
     */
    ListArchiveRulesResult listArchiveRules(ListArchiveRulesRequest listArchiveRulesRequest);

    /**
     * Retrieves a list of findings generated by the specified analyzer.
     *
     * To learn about filter keys that you can use to retrieve a list of findings, see IAM Access
     * Analyzer filter keys in the IAM User Guide.
     *
     * @param listFindingsRequest
     *        Retrieves a list of findings generated by the specified analyzer.
     * @return Result of the ListFindings operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListFindings
     * @see AWS API Documentation
     */
    ListFindingsResult listFindings(ListFindingsRequest listFindingsRequest);

    /**
     * Lists all of the policy generations requested in the last seven days.
     *
     * @param listPolicyGenerationsRequest
     * @return Result of the ListPolicyGenerations operation returned by the service.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListPolicyGenerations
     * @see AWS API Documentation
     */
    ListPolicyGenerationsResult listPolicyGenerations(ListPolicyGenerationsRequest listPolicyGenerationsRequest);

    /**
     * Retrieves a list of tags applied to the specified resource.
     *
     * @param listTagsForResourceRequest
     *        Retrieves a list of tags applied to the specified resource.
     * @return Result of the ListTagsForResource operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ListTagsForResource
     * @see AWS API Documentation
     */
    ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest);

    /**
     * Starts the policy generation request.
     *
     * @param startPolicyGenerationRequest
     * @return Result of the StartPolicyGeneration operation returned by the service.
     * @throws ConflictException
     *         A conflict exception error.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ServiceQuotaExceededException
     *         Service quota met error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.StartPolicyGeneration
     * @see AWS API Documentation
     */
    StartPolicyGenerationResult startPolicyGeneration(StartPolicyGenerationRequest startPolicyGenerationRequest);

    /**
     * Immediately starts a scan of the policies applied to the specified resource.
     *
     * @param startResourceScanRequest
     *        Starts a scan of the policies applied to the specified resource.
     * @return Result of the StartResourceScan operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.StartResourceScan
     * @see AWS API Documentation
     */
    StartResourceScanResult startResourceScan(StartResourceScanRequest startResourceScanRequest);

    /**
     * Adds a tag to the specified resource.
     *
     * @param tagResourceRequest
     *        Adds a tag to the specified resource.
     * @return Result of the TagResource operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.TagResource
     * @see AWS API Documentation
     */
    TagResourceResult tagResource(TagResourceRequest tagResourceRequest);

    /**
     * Removes a tag from the specified resource.
     *
     * @param untagResourceRequest
     *        Removes a tag from the specified resource.
     * @return Result of the UntagResource operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.UntagResource
     * @see AWS API Documentation
     */
    UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest);

    /**
     * Updates the criteria and values for the specified archive rule.
     *
     * @param updateArchiveRuleRequest
     *        Updates the specified archive rule.
     * @return Result of the UpdateArchiveRule operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.UpdateArchiveRule
     * @see AWS API Documentation
     */
    UpdateArchiveRuleResult updateArchiveRule(UpdateArchiveRuleRequest updateArchiveRuleRequest);

    /**
     * Updates the status for the specified findings.
     *
     * @param updateFindingsRequest
     *        Updates findings with the new values provided in the request.
     * @return Result of the UpdateFindings operation returned by the service.
     * @throws ResourceNotFoundException
     *         The specified resource could not be found.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.UpdateFindings
     * @see AWS API Documentation
     */
    UpdateFindingsResult updateFindings(UpdateFindingsRequest updateFindingsRequest);

    /**
     * Requests the validation of a policy and returns a list of findings. The findings help you identify issues and
     * provide actionable recommendations to resolve the issue and enable you to author functional policies that meet
     * security best practices.
     *
     * @param validatePolicyRequest
     * @return Result of the ValidatePolicy operation returned by the service.
     * @throws ValidationException
     *         Validation exception error.
     * @throws InternalServerException
     *         Internal server error.
     * @throws ThrottlingException
     *         Throttling limit exceeded error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSAccessAnalyzer.ValidatePolicy
     * @see AWS API Documentation
     */
    ValidatePolicyResult validatePolicy(ValidatePolicyRequest validatePolicyRequest);

    /**
     * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and
     * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client
     * has been shut down, it should not be used to make any more requests.
     */
    void shutdown();

    /**
     * Returns additional metadata for a previously executed successful request, typically used for debugging issues
     * where a service isn't acting as expected. This data isn't considered part of the result data returned by an
     * operation, so it's available through this separate, diagnostic interface.
     *
     * Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
     * information for an executed request, you should use this method to retrieve it as soon as possible after
     * executing a request.
     *
     * @param request
     *        The originally executed request.
     *
     * @return The response metadata for the specified request, or null if none is available.
     */
    ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);

}
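Added usage example (not part of the generated SDK source): a pre-deployment check built on the `validatePolicy`, `listAnalyzers` and `listFindings` operations declared above, following `nextToken` so no page of results is skipped. The class `AccessAnalyzerGate`, its helper methods and the sample policy are constructed for illustration; it assumes default AWS credentials and region are configured.

```java
import java.util.Collections;

import com.amazonaws.services.accessanalyzer.AWSAccessAnalyzer;
import com.amazonaws.services.accessanalyzer.AWSAccessAnalyzerClientBuilder;
import com.amazonaws.services.accessanalyzer.model.*;

// Added example: class name, method names and sample policy are illustrative assumptions.
public class AccessAnalyzerGate {

    // Constructed sample identity policy to validate before it is deployed.
    static final String SAMPLE_POLICY = "{\"Version\":\"2012-10-17\",\"Statement\":[{"
            + "\"Effect\":\"Allow\",\"Action\":\"iam:PassRole\",\"Resource\":\"*\"}]}";

    /** Counts the ERROR and SECURITY_WARNING findings that validatePolicy reports for the policy. */
    static int countBlockingPolicyFindings(AWSAccessAnalyzer client, String policyJson) {
        int blocking = 0;
        String nextToken = null;
        do {
            ValidatePolicyResult page = client.validatePolicy(new ValidatePolicyRequest()
                    .withPolicyType(PolicyType.IDENTITY_POLICY)
                    .withPolicyDocument(policyJson)
                    .withNextToken(nextToken));
            for (ValidatePolicyFinding f : page.getFindings()) {
                String type = f.getFindingType();
                if ("ERROR".equals(type) || "SECURITY_WARNING".equals(type)) {
                    blocking++;
                    System.out.printf("%s %s: %s%n", type, f.getIssueCode(), f.getFindingDetails());
                }
            }
            nextToken = page.getNextToken();
        } while (nextToken != null);
        return blocking;
    }

    /** Prints the ACTIVE findings of one analyzer and returns how many grant public access. */
    static int countPublicActiveFindings(AWSAccessAnalyzer client, String analyzerArn) {
        int publicCount = 0;
        String nextToken = null;
        do {
            ListFindingsResult page = client.listFindings(new ListFindingsRequest()
                    .withAnalyzerArn(analyzerArn)
                    .withFilter(Collections.singletonMap("status", new Criterion().withEq("ACTIVE")))
                    .withNextToken(nextToken));
            for (FindingSummary f : page.getFindings()) {
                boolean isPublic = Boolean.TRUE.equals(f.getIsPublic()); // isPublic may be null
                if (isPublic) {
                    publicCount++;
                }
                System.out.printf("%s %s public=%b%n", f.getResourceType(), f.getResource(), isPublic);
            }
            nextToken = page.getNextToken();
        } while (nextToken != null);
        return publicCount;
    }

    public static void main(String[] args) {
        AWSAccessAnalyzer client = AWSAccessAnalyzerClientBuilder.defaultClient();
        int blocking;
        int publicFindings = 0;
        try {
            blocking = countBlockingPolicyFindings(client, SAMPLE_POLICY);
            String nextToken = null;
            do {
                ListAnalyzersResult page = client.listAnalyzers(new ListAnalyzersRequest().withNextToken(nextToken));
                for (AnalyzerSummary analyzer : page.getAnalyzers()) {
                    publicFindings += countPublicActiveFindings(client, analyzer.getArn());
                }
                nextToken = page.getNextToken();
            } while (nextToken != null);
        } finally {
            client.shutdown(); // release connections before exiting
        }
        // A non-zero exit code lets a CI pipeline stop the deployment.
        if (blocking > 0 || publicFindings > 0) {
            System.exit(1);
        }
    }
}
```

If `listAnalyzers` returns no analyzers, only the policy validation result decides the exit code, because findings exist only once an analyzer has been created.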