Check No Public Access

accessanalyzer_check_no_public_access R Documentation

Checks whether a resource policy can grant public access to the specified resource type

Description

Checks whether a resource policy can grant public access to the specified resource type.

Usage

accessanalyzer_check_no_public_access(policyDocument, resourceType)

Arguments

policyDocument

[required] The JSON policy document to evaluate for public access.

resourceType

[required] The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for the resource type.

For resource types not supported as valid values, IAM Access Analyzer will return an error.

Value

A list with the following syntax:

list(
  result = "PASS"|"FAIL",
  message = "string",
  reasons = list(
    list(
      description = "string",
      statementIndex = 123,
      statementId = "string"
    )
  )
)

Request syntax

svc$check_no_public_access(
  policyDocument = "string",
  resourceType = "AWS::DynamoDB::Table"|"AWS::DynamoDB::Stream"|"AWS::EFS::FileSystem"|"AWS::OpenSearchService::Domain"|"AWS::Kinesis::Stream"|"AWS::Kinesis::StreamConsumer"|"AWS::KMS::Key"|"AWS::Lambda::Function"|"AWS::S3::Bucket"|"AWS::S3::AccessPoint"|"AWS::S3Express::DirectoryBucket"|"AWS::S3::Glacier"|"AWS::S3Outposts::Bucket"|"AWS::S3Outposts::AccessPoint"|"AWS::SecretsManager::Secret"|"AWS::SNS::Topic"|"AWS::SQS::Queue"|"AWS::IAM::AssumeRolePolicyDocument"
)

Examples

## Not run: 
#
svc$check_no_public_access(
  policyDocument = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effe...",
  resourceType = "AWS::S3::Bucket"
)

## End(Not run)
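
The following is an added example, not part of the paws documentation: it shows one way to turn the result, message and reasons fields described under Value into a fail-closed gate, for instance in a deployment pipeline. The helper names, the sample policy, the placeholder bucket name and the stub response are assumptions constructed for illustration.

```r
# Added example: gate a resource policy on the CheckNoPublicAccess result.

# Constructed sample policy; the bucket name is a placeholder.
public_policy <- paste0(
  '{"Version":"2012-10-17","Statement":[{"Sid":"PublicRead",',
  '"Effect":"Allow","Principal":"*","Action":"s3:GetObject",',
  '"Resource":"arn:aws:s3:::amzn-s3-demo-bucket/*"}]}'
)

# Missing fields (e.g. a statement without a Sid) become NA for printing.
or_na <- function(x) if (length(x) == 0) NA else x

# Hypothetical helper. `check` is any function with the signature of
# svc$check_no_public_access; it stops with the findings unless result is PASS.
assert_not_public <- function(check, policy_json, resource_type) {
  res <- check(policyDocument = policy_json, resourceType = resource_type)
  if (identical(res$result, "PASS")) return(invisible(TRUE))
  findings <- vapply(res$reasons, function(r) {
    sprintf("statement index %s (Sid %s): %s",
            or_na(r$statementIndex), or_na(r$statementId), or_na(r$description))
  }, character(1))
  stop(paste(c(or_na(res$message), findings), collapse = "\n"), call. = FALSE)
}

# Offline stand-in that returns a constructed response in the documented shape.
stub_check <- function(policyDocument, resourceType) {
  list(
    result = "FAIL",
    message = "constructed message: policy grants public access",
    reasons = list(list(
      description = "constructed description",
      statementIndex = 0,
      statementId = "PublicRead"
    ))
  )
}

outcome <- tryCatch(
  assert_not_public(stub_check, public_policy, "AWS::S3::Bucket"),
  error = function(e) conditionMessage(e)
)
cat(outcome, "\n")

# Against AWS (requires credentials and the paws package):
# svc <- paws::accessanalyzer()
# assert_not_public(svc$check_no_public_access, public_policy, "AWS::S3::Bucket")
```

Because the helper treats anything other than "PASS" as a failure, an unexpected or empty response also stops the run rather than letting the policy through.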