:doc:`AccessAnalyzer <../../accessanalyzer>` / Client / get_finding

***********
get_finding
***********



.. py:method:: AccessAnalyzer.Client.get_finding(**kwargs)

  

  Retrieves information about the specified finding. GetFinding and GetFindingV2 both use ``access-analyzer:GetFinding`` in the ``Action`` element of an IAM policy statement. You must have permission to perform the ``access-analyzer:GetFinding`` action.

   

  .. note::

    

    GetFinding is supported only for external access analyzers. You must use GetFindingV2 for internal and unused access analyzers.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding>`_  


  **Request Syntax**
  ::

    response = client.get_finding(
        analyzerArn='string',
        id='string'
    )
    
  :type analyzerArn: string
  :param analyzerArn: **[REQUIRED]** 

    The `ARN of the analyzer <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources>`__ that generated the finding.

    

  
  :type id: string
  :param id: **[REQUIRED]** 

    The ID of the finding to retrieve.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'finding': {
              'id': 'string',
              'principal': {
                  'string': 'string'
              },
              'action': [
                  'string',
              ],
              'resource': 'string',
              'isPublic': True|False,
              'resourceType': 'AWS::S3::Bucket'|'AWS::IAM::Role'|'AWS::SQS::Queue'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::KMS::Key'|'AWS::SecretsManager::Secret'|'AWS::EFS::FileSystem'|'AWS::EC2::Snapshot'|'AWS::ECR::Repository'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBClusterSnapshot'|'AWS::SNS::Topic'|'AWS::S3Express::DirectoryBucket'|'AWS::DynamoDB::Table'|'AWS::DynamoDB::Stream'|'AWS::IAM::User',
              'condition': {
                  'string': 'string'
              },
              'createdAt': datetime(2015, 1, 1),
              'analyzedAt': datetime(2015, 1, 1),
              'updatedAt': datetime(2015, 1, 1),
              'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
              'resourceOwnerAccount': 'string',
              'error': 'string',
              'sources': [
                  {
                      'type': 'POLICY'|'BUCKET_ACL'|'S3_ACCESS_POINT'|'S3_ACCESS_POINT_ACCOUNT',
                      'detail': {
                          'accessPointArn': 'string',
                          'accessPointAccount': 'string'
                      }
                  },
              ],
              'resourceControlPolicyRestriction': 'APPLICABLE'|'FAILED_TO_EVALUATE_RCP'|'NOT_APPLICABLE'|'APPLIED'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 

      The response to the request.

      
      

      - **finding** *(dict) --* 

        A ``finding`` object that contains finding details.

        
        

        - **id** *(string) --* 

          The ID of the finding.

          
        

        - **principal** *(dict) --* 

          The external principal that has access to a resource within the zone of trust.

          
          

          - *(string) --* 
            

            - *(string) --* 
      
    
        

        - **action** *(list) --* 

          The action in the analyzed policy statement that an external principal has permission to use.

          
          

          - *(string) --* 
      
        

        - **resource** *(string) --* 

          The resource that an external principal has access to.

          
        

        - **isPublic** *(boolean) --* 

          Indicates whether the policy that generated the finding allows public access to the resource.

          
        

        - **resourceType** *(string) --* 

          The type of the resource identified in the finding.

          
        

        - **condition** *(dict) --* 

          The condition in the analyzed policy statement that resulted in a finding.

          
          

          - *(string) --* 
            

            - *(string) --* 
      
    
        

        - **createdAt** *(datetime) --* 

          The time at which the finding was generated.

          
        

        - **analyzedAt** *(datetime) --* 

          The time at which the resource was analyzed.

          
        

        - **updatedAt** *(datetime) --* 

          The time at which the finding was updated.

          
        

        - **status** *(string) --* 

          The current status of the finding.

          
        

        - **resourceOwnerAccount** *(string) --* 

          The Amazon Web Services account ID that owns the resource.

          
        

        - **error** *(string) --* 

          An error.

          
        

        - **sources** *(list) --* 

          The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

          
          

          - *(dict) --* 

            The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

            
            

            - **type** *(string) --* 

              Indicates the type of access that generated the finding.

              
            

            - **detail** *(dict) --* 

              Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.

              
              

              - **accessPointArn** *(string) --* 

                The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.

                
              

              - **accessPointAccount** *(string) --* 

                The account of the cross-account access point that generated the finding.

                
          
        
      
        

        - **resourceControlPolicyRestriction** *(string) --* 

          The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

          
    
  
  **Exceptions**
  
  *   :py:class:`AccessAnalyzer.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.ValidationException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.InternalServerException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.ThrottlingException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.AccessDeniedException`

  