AWS IAM Access Analyzer Analyzer

This page shows how to configure the IAM Access Analyzer Analyzer resource in Terraform and CloudFormation, and how to do so securely.

aws_accessanalyzer_analyzer (Terraform)

The Analyzer in IAM Access Analyzer can be configured in Terraform with the resource name aws_accessanalyzer_analyzer. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

access_analyzer.tf#L1
resource "aws_accessanalyzer_analyzer" "default" {
  analyzer_name = "default"
}

main.tf#L1
resource "aws_accessanalyzer_analyzer" "default" {
  count = var.enabled ? 1 : 0

  analyzer_name = var.analyzer_name
  type          = var.is_organization ? "ORGANIZATION" : "ACCOUNT"
}

access_analyzer.tf#L1
# Local name "main" is assumed; the source snippet omitted the resource label.
resource "aws_accessanalyzer_analyzer" "main" {
  analyzer_name = "main"
  tags          = {}
  type          = "ACCOUNT"
}

main.tf#L1
resource "aws_accessanalyzer_analyzer" "example" {
  analyzer_name = var.name
  tags          = var.tags
}

main.tf#L1
resource "aws_accessanalyzer_analyzer" "default" {
  analyzer_name = "analyzer"
  type          = "ACCOUNT"
  tags          = var.tags
}

Parameters

  • analyzer_name required - string
  • arn optional computed - string
  • id optional computed - string
  • tags optional - map from string to string
  • type optional - string

Explanation in Terraform Registry

Manages an Access Analyzer Analyzer. More information can be found in the Access Analyzer User Guide.

AWS::AccessAnalyzer::Analyzer (CloudFormation)

The Analyzer in AccessAnalyzer can be configured in CloudFormation with the resource name AWS::AccessAnalyzer::Analyzer. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

lab-9.yml#L7
    Type: AWS::AccessAnalyzer::Analyzer
    Properties:
      Type: ACCOUNT

  KMSKey:
    Type: AWS::KMS::Key

access_analyzer_example.yml#L5
    Type: "AWS::AccessAnalyzer::Analyzer"
    Properties:
      Type: "ORGANIZATION"
Parameters: {}
Metadata: {}

iam_access_analyzer.yml#L4
    Type: 'AWS::AccessAnalyzer::Analyzer'
    Properties:
      AnalyzerName: !Sub ${AWS::StackName}
      Type: ACCOUNT
      ArchiveRules:
        -   Filter:

EnableGD,SH,IAA_Regional.yml#L37
    Type: AWS::AccessAnalyzer::Analyzer
    Properties:
      AnalyzerName: !Sub "${IAMAccessAnalyzerName}-${AWS::Region}"
      Type: ACCOUNT

product.template-ap-east-1.yaml#L9
    Type: AWS::AccessAnalyzer::Analyzer
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
    Properties:
      Type: !Ref 'Type'
Outputs:
  Arn:

cfn_script.json#L441
      "Type": "AWS::AccessAnalyzer::Analyzer",
      "Properties": {
        "AnalyzerName": "DevAccountAnalyzer",
        "Type": "ACCOUNT"
      }},
      "myassessmenttarget": {

awsResouceIconMatches.json#L416
        "resourceType": "AWS::AccessAnalyzer::Analyzer",
        "filePath": null
      }
    ]
  },
  {

list-documents.json#L3426
            "TargetType": "/AWS::AccessAnalyzer::Analyzer",
            "Tags": []
        },
        {
            "Name": "AWSConfigRemediation-EnableAutoScalingGroupELBHealthCheck",
            "CreatedDate": "2021-03-26T15:07:18.734000+00:00",

AccessAnalyzerAnalyzerSpecification.json#L3
    "AWS::AccessAnalyzer::Analyzer.Filter": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-filter.html",
      "Properties": {
        "Contains": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-filter.html#cfn-accessanalyzer-analyzer-filter-contains",
          "UpdateType": "Mutable",

template.json#L27
    "AWS::AccessAnalyzer::Analyzer": {
      "Type": "AWS::AccessAnalyzer::Analyzer",
      "Properties": {}
    },
    "AWS::WAF::IPSet": {
      "Type": "AWS::WAF::IPSet",

Parameters

Explanation in CloudFormation Registry

The AWS::AccessAnalyzer::Analyzer resource specifies a new analyzer. The analyzer is an object that represents the IAM Access Analyzer feature. An analyzer is required for Access Analyzer to become operational.

Frequently asked questions

What is AWS IAM Access Analyzer Analyzer?

AWS IAM Access Analyzer Analyzer is a resource for IAM Access Analyzer in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS IAM Access Analyzer Analyzer?

For Terraform, the K-taiga/aws_security, anmoltoppo/Terraform and timoguin/aws-baseline source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the karimelmel/cloud-security-bootcamp, mobious999/Cloudformation and sigia-com/slgl source code examples are useful. See the CloudFormation Example section for further details.