Get Least Privilege Access Suggestions for a Resource

GET 
/iam/api/v1/resources/:resourceId/existing-least-privileged-access

Suggest the least privileged access based on existing IAM configurations. This configuration will minimize the number of policies/roles used preserving all the actions used in the last specified X days.

Request

Path Parameters

resourceId stringrequired

The resource ID

Query Parameters

output_format stringrequired

Possible values: [JSON, TERRAFORM, CF]

Output format.

lookback_duration_days int32required
Amount of days to look back for used actions.
Example: 90

Responses

200

OK

application/json

Schema

Schema

nextPageToken string

Next page token

permissionsInAssetCount int32

Number of actions in asset

permissionsInLeastPrivilegedCount int32

Number of actions in least privileged access

analysis object[]
Least Privileged result analysis
Array [
action string
configurationName string
keep boolean
]
value object[]
Least Privileged Access items
Array [
iamResourceName string
The name of the iam resource
iamResourceId string
The id of the iam resource
iamResourceType string
The type of iam resource
formatType string
Format type of the access policy
snippet string
The access policy
]

Example (from schema)

{
  "nextPageToken": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS",
  "permissionsInAssetCount": 10,
  "permissionsInLeastPrivilegedCount": 10,
  "analysis": [
    {
      "action": "string",
      "configurationName": "string",
      "keep": true
    }
  ],
  "value": [
    {
      "iamResourceName": "MyIamResource",
      "iamResourceId": "rrn:aws:iamRole::123456789012:3fab987adf7c268519219cdfe5a4c4c2d4dc:AROAXHNDH53GWC2HSVKSR",
      "iamResourceType": "AWS_POLICY",
      "formatType": "TERRAFORM",
      "snippet": "A Terraform code for creating a policy"
    }
  ]
}

400

Bad request

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

401

Unauthorized

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

403

Forbidden

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

404

Not found

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

429

Throttled

Response Headers

• X-RateLimit-Remaining integer
• X-RateLimit-Requested-Tokens integer
• X-RateLimit-Burst-Capacity integer
• X-RateLimit-Replenish-Rate integer

Loading...