Check No Public Access
| accessanalyzer_check_no_public_access | R Documentation |
Checks whether a resource policy can grant public access to the specified resource type¶
Description¶
Checks whether a resource policy can grant public access to the specified resource type.
Usage¶
Arguments¶
policyDocument[required] The JSON policy document to evaluate for public access.
resourceType[required] The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose
AWS::S3::Bucketfor the resource type.For resource types not supported as valid values, IAM Access Analyzer will return an error.
Value¶
A list with the following syntax:
list(
result = "PASS"|"FAIL",
message = "string",
reasons = list(
list(
description = "string",
statementIndex = 123,
statementId = "string"
)
)
)
Request syntax¶
svc$check_no_public_access(
policyDocument = "string",
resourceType = "AWS::DynamoDB::Table"|"AWS::DynamoDB::Stream"|"AWS::EFS::FileSystem"|"AWS::OpenSearchService::Domain"|"AWS::Kinesis::Stream"|"AWS::Kinesis::StreamConsumer"|"AWS::KMS::Key"|"AWS::Lambda::Function"|"AWS::S3::Bucket"|"AWS::S3::AccessPoint"|"AWS::S3Express::DirectoryBucket"|"AWS::S3::Glacier"|"AWS::S3Outposts::Bucket"|"AWS::S3Outposts::AccessPoint"|"AWS::SecretsManager::Secret"|"AWS::SNS::Topic"|"AWS::SQS::Queue"|"AWS::IAM::AssumeRolePolicyDocument"
)
Examples¶
## Not run:
#
svc$check_no_public_access(
policyDocument = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effe...",
resourceType = "AWS::S3::Bucket"
)
#
svc$check_no_public_access(
policyDocument = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effe...",
resourceType = "AWS::S3::Bucket"
)
## End(Not run)