Check No New Access

accessanalyzer_check_no_new_access R Documentation

Checks whether new access is allowed for an updated policy when compared to the existing policy

Description

Checks whether new access is allowed for an updated policy when compared to the existing policy.

You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.

Usage

accessanalyzer_check_no_new_access(newPolicyDocument,
  existingPolicyDocument, policyType)

Arguments

newPolicyDocument

[required] The JSON policy document to use as the content for the updated policy.

existingPolicyDocument

[required] The JSON policy document to use as the content for the existing policy.

policyType

[required] The type of policy to compare. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.

Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.

Value

A list with the following syntax:

list(
  result = "PASS"|"FAIL",
  message = "string",
  reasons = list(
    list(
      description = "string",
      statementIndex = 123,
      statementId = "string"
    )
  )
)

Request syntax

svc$check_no_new_access(
  newPolicyDocument = "string",
  existingPolicyDocument = "string",
  policyType = "IDENTITY_POLICY"|"RESOURCE_POLICY"
)
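The following is an added example, not code from the paws package documentation, showing how a defender would use this call as a pre-deployment gate: an existing identity policy is compared against a proposed update, and the script fails when Access Analyzer reports that the update would grant access the existing policy does not. The bucket ARN, statement id and policy contents are constructed for illustration; the `policy_json`, `check_policy_update` and `report_check` helpers are this example's own, and the call assumes AWS credentials and a region are configured the way paws normally finds them.

```r
# Added example (not part of the paws documentation): gate an IAM policy
# change on accessanalyzer check_no_new_access. Assumes AWS credentials and
# region are available through the usual paws/AWS configuration.
library(paws)
library(jsonlite)

# Existing (reference) identity policy: read-only access to one bucket.
# The bucket name and Sid are constructed sample values.
existing_policy <- list(
  Version = "2012-10-17",
  Statement = list(
    list(
      Sid = "ReadOnlyBucket",
      Effect = "Allow",
      Action = list("s3:GetObject", "s3:ListBucket"),
      Resource = list("arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*")
    )
  )
)

# Proposed update: identical, but also allows s3:PutObject. Relative to the
# existing policy this is new access, so the check is expected to FAIL.
updated_policy <- list(
  Version = "2012-10-17",
  Statement = list(
    list(
      Sid = "ReadOnlyBucket",
      Effect = "Allow",
      Action = list("s3:GetObject", "s3:ListBucket", "s3:PutObject"),
      Resource = list("arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*")
    )
  )
)

# Serialise an R list into the JSON policy document string the API expects.
# (A reference policy from the samples repository could instead be read with
# paste(readLines("reference-policy.json"), collapse = "\n").)
policy_json <- function(policy) {
  as.character(toJSON(policy, auto_unbox = TRUE))
}

# Ask Access Analyzer whether `updated` grants anything `existing` does not.
check_policy_update <- function(svc, existing, updated,
                                policy_type = "IDENTITY_POLICY") {
  svc$check_no_new_access(
    newPolicyDocument      = policy_json(updated),
    existingPolicyDocument = policy_json(existing),
    policyType             = policy_type
  )
}

# Print the verdict and every reason (statementIndex / statementId /
# description) from the response; return TRUE only on PASS.
report_check <- function(resp) {
  cat("Result:", resp$result, "-", resp$message, "\n")
  for (r in resp$reasons) {
    idx <- if (is.null(r$statementIndex)) "?" else r$statementIndex
    sid <- if (is.null(r$statementId)) "<no Sid>" else r$statementId
    cat(sprintf("  statement %s (%s): %s\n", idx, sid, r$description))
  }
  identical(resp$result, "PASS")
}

svc <- accessanalyzer()
ok  <- report_check(check_policy_update(svc, existing_policy, updated_policy))

# In a CI pipeline, a FAIL verdict blocks the policy change until reviewed.
if (!ok) quit(save = "no", status = 1)
```

Run the script in the pipeline step that validates IAM changes; a non-zero exit status means the proposed document introduces access the reference policy does not grant, and the printed reasons identify which statement is responsible. For a trust policy or bucket policy, pass `policy_type = "RESOURCE_POLICY"` instead.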