class Aws::AccessAnalyzer::Types::CreateAccessPreviewRequest
@note When making an API call, you may pass CreateAccessPreviewRequest
data as a hash: { analyzer_arn: "AnalyzerArn", # required client_token: "String", configurations: { # required "ConfigurationsMapKey" => { iam_role: { trust_policy: "IamTrustPolicy", }, kms_key: { grants: [ { constraints: { encryption_context_equals: { "KmsConstraintsKey" => "KmsConstraintsValue", }, encryption_context_subset: { "KmsConstraintsKey" => "KmsConstraintsValue", }, }, grantee_principal: "GranteePrincipal", # required issuing_account: "IssuingAccount", # required operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify retiring_principal: "RetiringPrincipal", }, ], key_policies: { "PolicyName" => "KmsKeyPolicy", }, }, s3_bucket: { access_points: { "AccessPointArn" => { access_point_policy: "AccessPointPolicy", network_origin: { internet_configuration: { }, vpc_configuration: { vpc_id: "VpcId", # required }, }, public_access_block: { ignore_public_acls: false, # required restrict_public_buckets: false, # required }, }, }, bucket_acl_grants: [ { grantee: { # required id: "AclCanonicalId", uri: "AclUri", }, permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL }, ], bucket_policy: "S3BucketPolicy", bucket_public_access_block: { ignore_public_acls: false, # required restrict_public_buckets: false, # required }, }, secrets_manager_secret: { kms_key_id: "SecretsManagerSecretKmsId", secret_policy: "SecretsManagerSecretPolicy", }, sqs_queue: { queue_policy: "SqsQueuePolicy", }, }, }, }
@!attribute [rw] analyzer_arn
The [ARN of the account analyzer][1] used to generate the access preview. You can only create an access preview for analyzers with an `Account` type and `Active` status. [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources @return [String]
@!attribute [rw] client_token
A client token. **A suitable default value is auto-generated.** You should normally not need to pass this option. @return [String]
@!attribute [rw] configurations
Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element. @return [Hash<String,Types::Configuration>]
@see docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewRequest AWS API Documentation
Constants
- SENSITIVE