:doc:`AccessAnalyzer <../../accessanalyzer>` / Client / list_findings_v2

****************
list_findings_v2
****************



.. py:method:: AccessAnalyzer.Client.list_findings_v2(**kwargs)

  

  Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use ``access-analyzer:ListFindings`` in the ``Action`` element of an IAM policy statement. You must have permission to perform the ``access-analyzer:ListFindings`` action.

   

  To learn about filter keys that you can use to retrieve a list of findings, see `IAM Access Analyzer filter keys <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html>`__ in the **IAM User Guide**.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsV2>`_  


  **Request Syntax**
  ::

    response = client.list_findings_v2(
        analyzerArn='string',
        filter={
            'string': {
                'eq': [
                    'string',
                ],
                'neq': [
                    'string',
                ],
                'contains': [
                    'string',
                ],
                'exists': True|False
            }
        },
        maxResults=123,
        nextToken='string',
        sort={
            'attributeName': 'string',
            'orderBy': 'ASC'|'DESC'
        }
    )
    
  :type analyzerArn: string
  :param analyzerArn: **[REQUIRED]** 

    The `ARN of the analyzer <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources>`__ to retrieve findings from.

    

  
  :type filter: dict
  :param filter: 

    A filter to match for the findings to return.

    

  
    - *(string) --* 

    
      - *(dict) --* 

        The criteria to use in the filter that defines the archive rule. For more information on available filter keys, see `IAM Access Analyzer filter keys <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html>`__.

        

      
        - **eq** *(list) --* 

          An "equals" operator to match for the filter used to create the rule.

          

        
          - *(string) --* 

          
      
        - **neq** *(list) --* 

          A "not equals" operator to match for the filter used to create the rule.

          

        
          - *(string) --* 

          
      
        - **contains** *(list) --* 

          A "contains" operator to match for the filter used to create the rule.

          

        
          - *(string) --* 

          
      
        - **exists** *(boolean) --* 

          An "exists" operator to match for the filter used to create the rule.

          

        
      


  :type maxResults: integer
  :param maxResults: 

    The maximum number of results to return in the response.

    

  
  :type nextToken: string
  :param nextToken: 

    A token used for pagination of results returned.

    

  
  :type sort: dict
  :param sort: 

    The criteria used to sort.

    

  
    - **attributeName** *(string) --* 

      The name of the attribute to sort on.

      

    
    - **orderBy** *(string) --* 

      The sort order, ascending or descending.

      

    
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'findings': [
              {
                  'analyzedAt': datetime(2015, 1, 1),
                  'createdAt': datetime(2015, 1, 1),
                  'error': 'string',
                  'id': 'string',
                  'resource': 'string',
                  'resourceType': 'AWS::S3::Bucket'|'AWS::IAM::Role'|'AWS::SQS::Queue'|'AWS::Lambda::Function'|'AWS::Lambda::LayerVersion'|'AWS::KMS::Key'|'AWS::SecretsManager::Secret'|'AWS::EFS::FileSystem'|'AWS::EC2::Snapshot'|'AWS::ECR::Repository'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBClusterSnapshot'|'AWS::SNS::Topic'|'AWS::S3Express::DirectoryBucket'|'AWS::DynamoDB::Table'|'AWS::DynamoDB::Stream'|'AWS::IAM::User',
                  'resourceOwnerAccount': 'string',
                  'status': 'ACTIVE'|'ARCHIVED'|'RESOLVED',
                  'updatedAt': datetime(2015, 1, 1),
                  'findingType': 'ExternalAccess'|'UnusedIAMRole'|'UnusedIAMUserAccessKey'|'UnusedIAMUserPassword'|'UnusedPermission'|'InternalAccess'
              },
          ],
          'nextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **findings** *(list) --* 

        A list of findings retrieved from the analyzer that match the filter criteria specified, if any.

        
        

        - *(dict) --* 

          Contains information about a finding.

          
          

          - **analyzedAt** *(datetime) --* 

            The time at which the resource-based policy or IAM entity that generated the finding was analyzed.

            
          

          - **createdAt** *(datetime) --* 

            The time at which the finding was created.

            
          

          - **error** *(string) --* 

            The error that resulted in an Error finding.

            
          

          - **id** *(string) --* 

            The ID of the finding.

            
          

          - **resource** *(string) --* 

            The resource that the external principal has access to.

            
          

          - **resourceType** *(string) --* 

            The type of the resource that the external principal has access to.

            
          

          - **resourceOwnerAccount** *(string) --* 

            The Amazon Web Services account ID that owns the resource.

            
          

          - **status** *(string) --* 

            The status of the finding.

            
          

          - **updatedAt** *(datetime) --* 

            The time at which the finding was most recently updated.

            
          

          - **findingType** *(string) --* 

            The type of the access finding. For external access analyzers, the type is ``ExternalAccess``. For unused access analyzers, the type can be ``UnusedIAMRole``, ``UnusedIAMUserAccessKey``, ``UnusedIAMUserPassword``, or ``UnusedPermission``. For internal access analyzers, the type is ``InternalAccess``.

            
      
    
      

      - **nextToken** *(string) --* 

        A token used for pagination of results returned.

        
  
  **Exceptions**
  
  *   :py:class:`AccessAnalyzer.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.ValidationException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.InternalServerException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.ThrottlingException`

  
  *   :py:class:`AccessAnalyzer.Client.exceptions.AccessDeniedException`

  