Amazon IAM Access Analyzer · JSON Structure
Iam Access Analyzer Access Preview Finding Structure
An access preview finding generated by the access preview.
Type: object
Properties: 15
Required: 6
Access ControlComplianceIAMPolicy ManagementSecurity
AccessPreviewFinding is a JSON Structure definition published by Amazon IAM Access Analyzer, describing 15 properties, of which 6 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.
Properties
id
existingFindingId
existingFindingStatus
principal
action
condition
resource
isPublic
resourceType
createdAt
changeType
status
resourceOwnerAccount
error
sources
Meta-schema: https://json-structure.org/meta/core/v0/#
JSON Structure
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-structure/iam-access-analyzer-access-preview-finding-structure.json",
"name": "AccessPreviewFinding",
"description": "An access preview finding generated by the access preview.",
"type": "object",
"properties": {
"id": {
"allOf": [
{
"$ref": "#/components/schemas/AccessPreviewFindingId"
},
{
"description": "The ID of the access preview finding. This ID uniquely identifies the element in the list of access preview findings and is not related to the finding ID in Access Analyzer."
}
]
},
"existingFindingId": {
"allOf": [
{
"$ref": "#/components/schemas/FindingId"
},
{
"description": "The existing ID of the finding in IAM Access Analyzer, provided only for existing findings."
}
]
},
"existingFindingStatus": {
"allOf": [
{
"$ref": "#/components/schemas/FindingStatus"
},
{
"description": "The existing status of the finding, provided only for existing findings."
}
]
},
"principal": {
"allOf": [
{
"$ref": "#/components/schemas/PrincipalMap"
},
{
"description": "The external principal that has access to a resource within the zone of trust."
}
]
},
"action": {
"allOf": [
{
"$ref": "#/components/schemas/ActionList"
},
{
"description": "The action in the analyzed policy statement that an external principal has permission to perform."
}
]
},
"condition": {
"allOf": [
{
"$ref": "#/components/schemas/ConditionKeyMap"
},
{
"description": "The condition in the analyzed policy statement that resulted in a finding."
}
]
},
"resource": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"description": "The resource that an external principal has access to. This is the resource associated with the access preview."
}
]
},
"isPublic": {
"allOf": [
{
"$ref": "#/components/schemas/Boolean"
},
{
"description": "Indicates whether the policy that generated the finding allows public access to the resource."
}
]
},
"resourceType": {
"allOf": [
{
"$ref": "#/components/schemas/ResourceType"
},
{
"description": "The type of the resource that can be accessed in the finding."
}
]
},
"createdAt": {
"allOf": [
{
"$ref": "#/components/schemas/Timestamp"
},
{
"description": "The time at which the access preview finding was created."
}
]
},
"changeType": {
"allOf": [
{
"$ref": "#/components/schemas/FindingChangeType"
},
{
"description": "<p>Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.</p> <ul> <li> <p> <code>New</code> - The finding is for newly-introduced access.</p> </li> <li> <p> <code>Unchanged</code> - The preview finding is an existing finding that would remain unchanged.</p> </li> <li> <p> <code>Changed</code> - The preview finding is an existing finding with a change in status.</p> </li> </ul> <p>For example, a <code>Changed</code> finding with preview status <code>Resolved</code> and existing status <code>Active</code> indicates the existing <code>Active</code> finding would become <code>Resolved</code> as a result of the proposed permissions change.</p>"
}
]
},
"status": {
"allOf": [
{
"$ref": "#/components/schemas/FindingStatus"
},
{
"description": "The preview status of the finding. This is what the status of the finding would be after permissions deployment. For example, a <code>Changed</code> finding with preview status <code>Resolved</code> and existing status <code>Active</code> indicates the existing <code>Active</code> finding would become <code>Resolved</code> as a result of the proposed permissions change."
}
]
},
"resourceOwnerAccount": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"description": "The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created."
}
]
},
"error": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"description": "An error."
}
]
},
"sources": {
"allOf": [
{
"$ref": "#/components/schemas/FindingSourceList"
},
{
"description": "The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings."
}
]
}
},
"required": [
"id",
"resourceType",
"createdAt",
"changeType",
"status",
"resourceOwnerAccount"
]
}