| Copyright | (c) 2013-2023 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Amazonka.AccessAnalyzer.ValidatePolicy
Description
Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.
This operation returns paginated results.
Synopsis
- data ValidatePolicy = ValidatePolicy' {}
- newValidatePolicy :: Text -> PolicyType -> ValidatePolicy
- validatePolicy_locale :: Lens' ValidatePolicy (Maybe Locale)
- validatePolicy_maxResults :: Lens' ValidatePolicy (Maybe Int)
- validatePolicy_nextToken :: Lens' ValidatePolicy (Maybe Text)
- validatePolicy_validatePolicyResourceType :: Lens' ValidatePolicy (Maybe ValidatePolicyResourceType)
- validatePolicy_policyDocument :: Lens' ValidatePolicy Text
- validatePolicy_policyType :: Lens' ValidatePolicy PolicyType
- data ValidatePolicyResponse = ValidatePolicyResponse' {
- nextToken :: Maybe Text
- httpStatus :: Int
- findings :: [ValidatePolicyFinding]
- newValidatePolicyResponse :: Int -> ValidatePolicyResponse
- validatePolicyResponse_nextToken :: Lens' ValidatePolicyResponse (Maybe Text)
- validatePolicyResponse_httpStatus :: Lens' ValidatePolicyResponse Int
- validatePolicyResponse_findings :: Lens' ValidatePolicyResponse [ValidatePolicyFinding]
Creating a Request
data ValidatePolicy Source #
See: newValidatePolicy smart constructor.
Constructors
| ValidatePolicy' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> PolicyType | |
| -> ValidatePolicy |
Create a value of ValidatePolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:locale:ValidatePolicy', validatePolicy_locale - The locale to use for localizing the findings.
$sel:maxResults:ValidatePolicy', validatePolicy_maxResults - The maximum number of results to return in the response.
ValidatePolicy, validatePolicy_nextToken - A token used for pagination of results returned.
$sel:validatePolicyResourceType:ValidatePolicy', validatePolicy_validatePolicyResourceType - The type of resource to attach to your resource policy. Specify a value
for the policy validation resource type only if the policy type is
RESOURCE_POLICY. For example, to validate a resource policy to attach
to an Amazon S3 bucket, you can choose AWS::S3::Bucket for the policy
validation resource type.
For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.
$sel:policyDocument:ValidatePolicy', validatePolicy_policyDocument - The JSON policy document to use as the content for the policy.
$sel:policyType:ValidatePolicy', validatePolicy_policyType - The type of policy to validate. Identity policies grant permissions to
IAM principals. Identity policies include managed and inline policies
for IAM roles, users, and groups. They also include service-control
policies (SCPs) that are attached to an Amazon Web Services
organization, organizational unit (OU), or an account.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
Request Lenses
validatePolicy_locale :: Lens' ValidatePolicy (Maybe Locale) Source #
The locale to use for localizing the findings.
validatePolicy_maxResults :: Lens' ValidatePolicy (Maybe Int) Source #
The maximum number of results to return in the response.
validatePolicy_nextToken :: Lens' ValidatePolicy (Maybe Text) Source #
A token used for pagination of results returned.
validatePolicy_validatePolicyResourceType :: Lens' ValidatePolicy (Maybe ValidatePolicyResourceType) Source #
The type of resource to attach to your resource policy. Specify a value
for the policy validation resource type only if the policy type is
RESOURCE_POLICY. For example, to validate a resource policy to attach
to an Amazon S3 bucket, you can choose AWS::S3::Bucket for the policy
validation resource type.
For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.
validatePolicy_policyDocument :: Lens' ValidatePolicy Text Source #
The JSON policy document to use as the content for the policy.
validatePolicy_policyType :: Lens' ValidatePolicy PolicyType Source #
The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. They also include service-control policies (SCPs) that are attached to an Amazon Web Services organization, organizational unit (OU), or an account.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
Destructuring the Response
data ValidatePolicyResponse Source #
See: newValidatePolicyResponse smart constructor.
Constructors
| ValidatePolicyResponse' | |
Fields
| |
Instances
newValidatePolicyResponse Source #
Create a value of ValidatePolicyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ValidatePolicy, validatePolicyResponse_nextToken - A token used for pagination of results returned.
$sel:httpStatus:ValidatePolicyResponse', validatePolicyResponse_httpStatus - The response's http status code.
$sel:findings:ValidatePolicyResponse', validatePolicyResponse_findings - The list of findings in a policy returned by IAM Access Analyzer based
on its suite of policy checks.
Response Lenses
validatePolicyResponse_nextToken :: Lens' ValidatePolicyResponse (Maybe Text) Source #
A token used for pagination of results returned.
validatePolicyResponse_httpStatus :: Lens' ValidatePolicyResponse Int Source #
The response's http status code.
validatePolicyResponse_findings :: Lens' ValidatePolicyResponse [ValidatePolicyFinding] Source #
The list of findings in a policy returned by IAM Access Analyzer based on its suite of policy checks.