Check No New Access
accessanalyzer_check_no_new_access | R Documentation |
Checks whether new access is allowed for an updated policy when compared to the existing policy
Description
Checks whether new access is allowed for an updated policy when compared to the existing policy.
You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.
Usage
Arguments
newPolicyDocument
[required] The JSON policy document to use as the content for the updated policy.
existingPolicyDocument
[required] The JSON policy document to use as the content for the existing policy.
policyType
[required] The type of policy to compare. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
Value
A list with the following syntax:
list(
  result = "PASS"|"FAIL",
  message = "string",
  reasons = list(
    list(
      description = "string",
      statementIndex = 123,
      statementId = "string"
    )
  )
)
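The call and its return value used as a gate on a policy change, as an added example that is not part of the paws documentation. The helper check_policy_change, the stub client and both policy documents are constructed for illustration; "IDENTITY_POLICY" is the API's policyType value for an identity policy.

```r
# Added example: gate a policy change on check_no_new_access (not paws' own code).
# Both policy documents below are constructed sample input.
existing_policy <- '{"Version":"2012-10-17","Statement":[
  {"Sid":"AllowRead","Effect":"Allow","Action":"s3:GetObject",
   "Resource":"arn:aws:s3:::example-bucket/*"}]}'
new_policy <- '{"Version":"2012-10-17","Statement":[
  {"Sid":"AllowRead","Effect":"Allow","Action":"s3:GetObject",
   "Resource":"arn:aws:s3:::example-bucket/*"},
  {"Sid":"AllowWrite","Effect":"Allow","Action":"s3:PutObject",
   "Resource":"arn:aws:s3:::example-bucket/*"}]}'

# Hypothetical helper: runs the check and flattens the documented return value.
check_policy_change <- function(svc, new_policy, existing_policy,
                                policy_type = "IDENTITY_POLICY") {
  resp <- svc$check_no_new_access(
    newPolicyDocument = new_policy,
    existingPolicyDocument = existing_policy,
    policyType = policy_type
  )
  # Fields absent from a reason come back empty; render them as NA.
  or_na <- function(x) if (length(x) == 1) as.character(x) else NA_character_
  findings <- vapply(resp$reasons, function(r) {
    sprintf("statement index %s (Sid %s): %s",
            or_na(r$statementIndex), or_na(r$statementId), or_na(r$description))
  }, character(1))
  # Fail closed: anything other than an explicit "PASS" blocks the change.
  list(passed = identical(resp$result, "PASS"),
       message = resp$message, findings = findings)
}

# Constructed stand-in for paws::accessanalyzer() so the example runs without
# AWS credentials. Its reply has the documented shape; the text is made up.
stub_svc <- list(check_no_new_access = function(newPolicyDocument,
                                                 existingPolicyDocument,
                                                 policyType) {
  list(result = "FAIL", message = "constructed message",
       reasons = list(list(description = "constructed reason",
                           statementIndex = 1, statementId = "AllowWrite")))
})

outcome <- check_policy_change(stub_svc, new_policy, existing_policy)
if (!outcome$passed) {
  message("Policy change rejected: ", outcome$message)
  message(paste0("  - ", outcome$findings, collapse = "\n"))
  # In a CI job, exit non-zero here, e.g. quit(status = 1).
}
# Against AWS: check_policy_change(paws::accessanalyzer(), new_policy, existing_policy)
```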