AWS IAM Access Analyzer Analyzer

This page shows how to write Terraform and CloudFormation for IAM Access Analyzer Analyzer and write them securely.

aws_accessanalyzer_analyzer (Terraform)

The Analyzer in IAM Access Analyzer can be configured in Terraform with the resource name aws_accessanalyzer_analyzer. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

access_analyzer.tf#L1
resource "aws_accessanalyzer_analyzer" "default" {
  analyzer_name = "default"
}

main.tf#L1
resource "aws_accessanalyzer_analyzer" "default" {
  count = var.enabled ? 1 : 0

  analyzer_name = var.analyzer_name
  type          = var.is_organization ? "ORGANIZATION" : "ACCOUNT"

access_analyzer.tf#L1
resource "aws_accessanalyzer_analyzer" {
  analyzer_name = "main"
  tags          = {}
  type          = "ACCOUNT"
}
main.tf#L1
resource "aws_accessanalyzer_analyzer" "example" {
  analyzer_name = var.name
  tags = var.tags
}
main.tf#L1
resource "aws_accessanalyzer_analyzer" "default" {
  analyzer_name = "analyzer"
  type          = "ACCOUNT"
  tags          = var.tags
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

  • analyzer_name required - string
  • arn optional computed - string
  • id optional computed - string
  • tags optional - map from string to string
  • type optional - string

Explanation in Terraform Registry

Manages an Access Analyzer Analyzer. More information can be found in the Access Analyzer User Guide.

AWS::AccessAnalyzer::Analyzer (CloudFormation)

The Analyzer in AccessAnalyzer can be configured in CloudFormation with the resource name AWS::AccessAnalyzer::Analyzer. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

lab-9.yml#L7
    Type: AWS::AccessAnalyzer::Analyzer
    Properties:
      Type: ACCOUNT

  KMSKey:
    Type: AWS::KMS::Key
access_analyzer_example.yml#L5
    Type: "AWS::AccessAnalyzer::Analyzer"
    Properties:
      Type: "ORGANIZATION"
Parameters: {}
Metadata: {}
iam_access_analyzer.yml#L4
    Type: 'AWS::AccessAnalyzer::Analyzer'
    Properties:
      AnalyzerName: !Sub ${AWS::StackName}
      Type: ACCOUNT
      ArchiveRules:
        -   Filter:
EnableGD,SH,IAA_Regional.yml#L37
    Type: AWS::AccessAnalyzer::Analyzer
    Properties:
      AnalyzerName: !Sub "${IAMAccessAnalyzerName}-${AWS::Region}"
      Type: ACCOUNT
product.template-us-east-2.yaml#L9
    Type: AWS::AccessAnalyzer::Analyzer
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
    Properties:
      Type: !Ref 'Type'
Outputs:
  Arn:
cfn_script.json#L441
      "Type": "AWS::AccessAnalyzer::Analyzer",
      "Properties": {
        "AnalyzerName": "DevAccountAnalyzer",
        "Type": "ACCOUNT"
      }},
      "myassessmenttarget": {
awsResouceIconMatches.json#L416
        "resourceType": "AWS::AccessAnalyzer::Analyzer",
        "filePath": null
      }
    ]
  },
  {
list-documents.json#L3426
            "TargetType": "/AWS::AccessAnalyzer::Analyzer",
            "Tags": []
        },
        {
            "Name": "AWSConfigRemediation-EnableAutoScalingGroupELBHealthCheck",
            "CreatedDate": "2021-03-26T15:07:18.734000+00:00",
AccessAnalyzerAnalyzerSpecification.json#L3
    "AWS::AccessAnalyzer::Analyzer.Filter": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-filter.html",
      "Properties": {
        "Contains": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-filter.html#cfn-accessanalyzer-analyzer-filter-contains",
          "UpdateType": "Mutable",
template.json#L27
    "AWS::AccessAnalyzer::Analyzer": {
      "Type": "AWS::AccessAnalyzer::Analyzer",
      "Properties": {}
    },
    "AWS::WAF::IPSet": {
      "Type": "AWS::WAF::IPSet",

Parameters

Explanation in CloudFormation Registry

The AWS::AccessAnalyzer::Analyzer resource specifies a new analyzer. The analyzer is an object that represents the IAM Access Analyzer feature. An analyzer is required for Access Analyzer to become operational.

Frequently asked questions

What is AWS IAM Access Analyzer Analyzer?

AWS IAM Access Analyzer Analyzer is a resource for IAM Access Analyzer of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS IAM Access Analyzer Analyzer?

For Terraform, the K-taiga/aws_security, anmoltoppo/Terraform and timoguin/aws-baseline source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the karimelmel/cloud-security-bootcamp, mobious999/Cloudformation and sigia-com/slgl source code examples are useful. See the CloudFormation Example section for further details.