

**************
AccessAnalyzer
**************



======
Client
======



.. py:class:: AccessAnalyzer.Client

  A low-level client representing Access Analyzer
  

  Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external, internal, and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external, internal, or unused access, you first need to create an analyzer.

   

  **External access analyzers** help you identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.

   

  **Internal access analyzers** help you identify which principals within your organization or account have access to selected resources. This analysis supports implementing the principle of least privilege by ensuring that your specified resources can only be accessed by the intended principals within your organization.

   

  **Unused access analyzers** help you identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.

   

  Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs.

   

  This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see `Using Identity and Access Management Access Analyzer <https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html>`__ in the **IAM User Guide**.

  ::

    
    import boto3
    
    client = boto3.client('accessanalyzer')

  

These are the available methods:

.. toctree::
  :maxdepth: 1
  :titlesonly:

  accessanalyzer/client/apply_archive_rule
  accessanalyzer/client/can_paginate
  accessanalyzer/client/cancel_policy_generation
  accessanalyzer/client/check_access_not_granted
  accessanalyzer/client/check_no_new_access
  accessanalyzer/client/check_no_public_access
  accessanalyzer/client/close
  accessanalyzer/client/create_access_preview
  accessanalyzer/client/create_analyzer
  accessanalyzer/client/create_archive_rule
  accessanalyzer/client/delete_analyzer
  accessanalyzer/client/delete_archive_rule
  accessanalyzer/client/generate_finding_recommendation
  accessanalyzer/client/get_access_preview
  accessanalyzer/client/get_analyzed_resource
  accessanalyzer/client/get_analyzer
  accessanalyzer/client/get_archive_rule
  accessanalyzer/client/get_finding
  accessanalyzer/client/get_finding_recommendation
  accessanalyzer/client/get_finding_v2
  accessanalyzer/client/get_findings_statistics
  accessanalyzer/client/get_generated_policy
  accessanalyzer/client/get_paginator
  accessanalyzer/client/get_waiter
  accessanalyzer/client/list_access_preview_findings
  accessanalyzer/client/list_access_previews
  accessanalyzer/client/list_analyzed_resources
  accessanalyzer/client/list_analyzers
  accessanalyzer/client/list_archive_rules
  accessanalyzer/client/list_findings
  accessanalyzer/client/list_findings_v2
  accessanalyzer/client/list_policy_generations
  accessanalyzer/client/list_tags_for_resource
  accessanalyzer/client/start_policy_generation
  accessanalyzer/client/start_resource_scan
  accessanalyzer/client/tag_resource
  accessanalyzer/client/untag_resource
  accessanalyzer/client/update_analyzer
  accessanalyzer/client/update_archive_rule
  accessanalyzer/client/update_findings
  accessanalyzer/client/validate_policy


==========
Paginators
==========


Paginators are available on a client instance via the ``get_paginator`` method. For more detailed instructions and examples on the usage of paginators, see the paginators `user guide <https://boto3.amazonaws.com/v1/documentation/api/latest/guide/paginators.html>`_.

The available paginators are:

.. toctree::
  :maxdepth: 1
  :titlesonly:

  accessanalyzer/paginator/GetFindingRecommendation
  accessanalyzer/paginator/GetFindingV2
  accessanalyzer/paginator/ListAccessPreviewFindings
  accessanalyzer/paginator/ListAccessPreviews
  accessanalyzer/paginator/ListAnalyzedResources
  accessanalyzer/paginator/ListAnalyzers
  accessanalyzer/paginator/ListArchiveRules
  accessanalyzer/paginator/ListFindings
  accessanalyzer/paginator/ListFindingsV2
  accessanalyzer/paginator/ListPolicyGenerations
  accessanalyzer/paginator/ValidatePolicy
