aws-accessanalyzer command
Text
After copying, replace file names, directories, or parameters as needed.
Common examples
List analyzers
aws accessanalyzer list-analyzers
Create an account-scoped analyzer
aws accessanalyzer create-analyzer --analyzer-name [name] --type ACCOUNT
List findings for an analyzer
aws accessanalyzer list-findings --analyzer-arn [arn]
Get a single finding
aws accessanalyzer get-finding --analyzer-arn [arn] --id [finding_id]
Create an archive rule
aws accessanalyzer create-archive-rule --analyzer-name [name] --rule-name [rule] --filter '[filter_json]'
Validate a policy document
aws accessanalyzer validate-policy --policy-document file://[policy.json] --policy-type IDENTITY_POLICY
Description
AWS IAM Access Analyzer helps you set, verify, and refine IAM policies by providing a comprehensive suite of capabilities for managing identity and resource access in AWS. It uses automated reasoning and logic-based analysis to identify potential security risks and unused access. The service provides three main types of analyzers:

- External Access Analyzers: identify resources accessible from outside your AWS account or organization, including public internet access and cross-account access. These analyzers use logic-based reasoning to analyze resource-based policies and identify unintended external access before deployment.
- Internal Access Analyzers: identify which principals within your organization or account have access to specific resources. This helps implement the principle of least privilege by ensuring resources are accessible only to intended internal principals.
- Unused Access Analyzers: identify identity access risks by detecting unused resources such as IAM roles, access keys, console passwords, and service- or action-level permissions that have not been used recently.

The tool also provides policy validation to check IAM policies for syntax errors and compliance with AWS best practices, plus policy generation to automatically create fine-grained policies based on actual access activity captured in CloudTrail logs.
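The commands above print JSON; what a practitioner usually wants next is to act on it, for example failing a pipeline when validate-policy reports an ERROR or SECURITY_WARNING, or listing which ACTIVE external-access findings are public. The following added example (not from this page or from AWS) does that triage with the standard library only, over constructed sample responses that follow the documented field names (findings[].findingType / issueCode for validate-policy, findings[].status / isPublic / resource for list-findings); the ARNs, finding ids and issue codes in the samples are constructed.

```python
import json

# Constructed sample of `aws accessanalyzer validate-policy --output json` output.
SAMPLE_VALIDATE = json.loads("""{"findings": [
  {"findingType": "SECURITY_WARNING", "issueCode": "PASS_ROLE_WITH_STAR_IN_RESOURCE",
   "findingDetails": "Using iam:PassRole with a wildcard resource can be overly permissive.",
   "locations": [{"path": [{"value": "Statement"}, {"index": 0}, {"value": "Resource"}]}]},
  {"findingType": "SUGGESTION", "issueCode": "EMPTY_SID_VALUE",
   "findingDetails": "Add a value to the empty string in the Sid element.", "locations": []}
]}""")

# Constructed sample of `aws accessanalyzer list-findings --output json` output from an
# external access analyzer: one active public bucket finding, one already archived.
SAMPLE_FINDINGS = json.loads("""{"findings": [
  {"id": "finding-1", "resourceType": "AWS::S3::Bucket", "resource": "arn:aws:s3:::example-bucket",
   "status": "ACTIVE", "isPublic": true, "action": ["s3:GetObject"]},
  {"id": "finding-2", "resourceType": "AWS::IAM::Role",
   "resource": "arn:aws:iam::111122223333:role/ExampleRole",
   "status": "ARCHIVED", "isPublic": false, "action": ["sts:AssumeRole"]}
]}""")

# Finding types that should block a deployment; WARNING and SUGGESTION are reported only.
BLOCKING_TYPES = {"ERROR", "SECURITY_WARNING"}


def policy_gate(validate_response):
    """Return (passed, blocking_issue_codes) for a validate-policy response."""
    blocking = [f["issueCode"] for f in validate_response.get("findings", [])
                if f.get("findingType") in BLOCKING_TYPES]
    return (len(blocking) == 0, blocking)


def active_public_resources(list_response):
    """Return resource ARNs whose ACTIVE findings grant public access."""
    return [f["resource"] for f in list_response.get("findings", [])
            if f.get("status") == "ACTIVE" and f.get("isPublic")]


if __name__ == "__main__":
    ok, issues = policy_gate(SAMPLE_VALIDATE)
    print("policy gate:", "PASS" if ok else "FAIL", issues)
    print("active public resources:", active_public_resources(SAMPLE_FINDINGS))
```

In a real pipeline, replace the constructed samples with `json.load()` over the saved CLI output (`aws accessanalyzer validate-policy ... --output json > out.json`) and exit non-zero when the gate fails.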
FAQ
What is the aws-accessanalyzer command used for?
It is the AWS CLI namespace for IAM Access Analyzer, the service described above. With it you create and list analyzers (external access, internal access, or unused access), retrieve and archive the findings they produce, and validate IAM policy documents for syntax errors and deviations from AWS best practices before deploying them.
How do I run a basic aws-accessanalyzer example?
Run `aws accessanalyzer list-analyzers` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
Where can I find more aws-accessanalyzer examples?
This page includes 6 examples for aws-accessanalyzer, plus related commands for nearby Linux tasks.