Analyzer
Manages an Access Analyzer Analyzer. More information can be found in the Access Analyzer User Guide.
Example Usage
Account Analyzer
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.accessanalyzer.Analyzer("example", {analyzerName: "example"});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.accessanalyzer.Analyzer("example", analyzer_name="example")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.AccessAnalyzer.Analyzer("example", new()
{
AnalyzerName = "example",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/accessanalyzer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := accessanalyzer.NewAnalyzer(ctx, "example", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Analyzer("example", AnalyzerArgs.builder()
.analyzerName("example")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:accessanalyzer:Analyzer
properties:
analyzerName: exampleContent copied to clipboard
Organization Analyzer
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.organizations.Organization("example", {awsServiceAccessPrincipals: ["access-analyzer.amazonaws.com"]});
const exampleAnalyzer = new aws.accessanalyzer.Analyzer("example", {
analyzerName: "example",
type: "ORGANIZATION",
}, {
dependsOn: [example],
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.organizations.Organization("example", aws_service_access_principals=["access-analyzer.amazonaws.com"])
example_analyzer = aws.accessanalyzer.Analyzer("example",
analyzer_name="example",
type="ORGANIZATION",
opts = pulumi.ResourceOptions(depends_on=[example]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Organizations.Organization("example", new()
{
AwsServiceAccessPrincipals = new[]
{
"access-analyzer.amazonaws.com",
},
});
var exampleAnalyzer = new Aws.AccessAnalyzer.Analyzer("example", new()
{
AnalyzerName = "example",
Type = "ORGANIZATION",
}, new CustomResourceOptions
{
DependsOn =
{
example,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/accessanalyzer"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := organizations.NewOrganization(ctx, "example", &organizations.OrganizationArgs{
AwsServiceAccessPrincipals: pulumi.StringArray{
pulumi.String("access-analyzer.amazonaws.com"),
},
})
if err != nil {
return err
}
_, err = accessanalyzer.NewAnalyzer(ctx, "example", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
Type: pulumi.String("ORGANIZATION"),
}, pulumi.DependsOn([]pulumi.Resource{
example,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Organization("example", OrganizationArgs.builder()
.awsServiceAccessPrincipals("access-analyzer.amazonaws.com")
.build());
var exampleAnalyzer = new Analyzer("exampleAnalyzer", AnalyzerArgs.builder()
.analyzerName("example")
.type("ORGANIZATION")
.build(), CustomResourceOptions.builder()
.dependsOn(example)
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:organizations:Organization
properties:
awsServiceAccessPrincipals:
- access-analyzer.amazonaws.com
exampleAnalyzer:
type: aws:accessanalyzer:Analyzer
name: example
properties:
analyzerName: example
type: ORGANIZATION
options:
dependsOn:
- ${example}Content copied to clipboard
Organization Unused Access Analyzer with analysis rule
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.accessanalyzer.Analyzer("example", {
analyzerName: "example",
type: "ORGANIZATION_UNUSED_ACCESS",
configuration: {
unusedAccess: {
unusedAccessAge: 180,
analysisRule: {
exclusions: [
{
accountIds: [
"123456789012",
"234567890123",
],
},
{
resourceTags: [
{
key1: "value1",
},
{
key2: "value2",
},
],
},
],
},
},
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.accessanalyzer.Analyzer("example",
analyzer_name="example",
type="ORGANIZATION_UNUSED_ACCESS",
configuration={
"unused_access": {
"unused_access_age": 180,
"analysis_rule": {
"exclusions": [
{
"account_ids": [
"123456789012",
"234567890123",
],
},
{
"resource_tags": [
{
"key1": "value1",
},
{
"key2": "value2",
},
],
},
],
},
},
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.AccessAnalyzer.Analyzer("example", new()
{
AnalyzerName = "example",
Type = "ORGANIZATION_UNUSED_ACCESS",
Configuration = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationArgs
{
UnusedAccess = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessArgs
{
UnusedAccessAge = 180,
AnalysisRule = new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs
{
Exclusions = new[]
{
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs
{
AccountIds = new[]
{
"123456789012",
"234567890123",
},
},
new Aws.AccessAnalyzer.Inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs
{
ResourceTags = new[]
{
{
{ "key1", "value1" },
},
{
{ "key2", "value2" },
},
},
},
},
},
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/accessanalyzer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := accessanalyzer.NewAnalyzer(ctx, "example", &accessanalyzer.AnalyzerArgs{
AnalyzerName: pulumi.String("example"),
Type: pulumi.String("ORGANIZATION_UNUSED_ACCESS"),
Configuration: &accessanalyzer.AnalyzerConfigurationArgs{
UnusedAccess: &accessanalyzer.AnalyzerConfigurationUnusedAccessArgs{
UnusedAccessAge: pulumi.Int(180),
AnalysisRule: &accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs{
Exclusions: accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArray{
&accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs{
AccountIds: pulumi.StringArray{
pulumi.String("123456789012"),
pulumi.String("234567890123"),
},
},
&accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs{
ResourceTags: pulumi.StringMapArray{
pulumi.StringMap{
"key1": pulumi.String("value1"),
},
pulumi.StringMap{
"key2": pulumi.String("value2"),
},
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.accessanalyzer.Analyzer;
import com.pulumi.aws.accessanalyzer.AnalyzerArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationUnusedAccessArgs;
import com.pulumi.aws.accessanalyzer.inputs.AnalyzerConfigurationUnusedAccessAnalysisRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Analyzer("example", AnalyzerArgs.builder()
.analyzerName("example")
.type("ORGANIZATION_UNUSED_ACCESS")
.configuration(AnalyzerConfigurationArgs.builder()
.unusedAccess(AnalyzerConfigurationUnusedAccessArgs.builder()
.unusedAccessAge(180)
.analysisRule(AnalyzerConfigurationUnusedAccessAnalysisRuleArgs.builder()
.exclusions(
AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs.builder()
.accountIds(
"123456789012",
"234567890123")
.build(),
AnalyzerConfigurationUnusedAccessAnalysisRuleExclusionArgs.builder()
.resourceTags(
Map.of("key1", "value1"),
Map.of("key2", "value2"))
.build())
.build())
.build())
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:accessanalyzer:Analyzer
properties:
analyzerName: example
type: ORGANIZATION_UNUSED_ACCESS
configuration:
unusedAccess:
unusedAccessAge: 180
analysisRule:
exclusions:
- accountIds:
- '123456789012'
- '234567890123'
- resourceTags:
- key1: value1
- key2: value2Content copied to clipboard
Import
Using pulumi import, import Access Analyzer Analyzers using the analyzer_name. For example:
$ pulumi import aws:accessanalyzer/analyzer:Analyzer example exampleContent copied to clipboard