Analyzer

The Analyzer resource allows you to manage AWS AccessAnalyzer Analyzers that help you identify potential resource access issues across your AWS environment.

Minimal Example

Create a basic AccessAnalyzer with a specified type and an optional name.

import AWS from "alchemy/aws/control";

const basicAnalyzer = await AWS.AccessAnalyzer.Analyzer("myBasicAnalyzer", {
  Type: "ACCOUNT",
  AnalyzerName: "MyBasicAnalyzer"
});

Advanced Configuration

Configure an AccessAnalyzer with archive rules and tags for better resource management.

const advancedAnalyzer = await AWS.AccessAnalyzer.Analyzer("myAdvancedAnalyzer", {
  Type: "ORGANIZATION",
  AnalyzerName: "MyAdvancedAnalyzer",
  ArchiveRules: [
    {
      Filter: {
        "accountId": "123456789012",
        "resourceType": "AWS::S3::Bucket"
      },
      RuleName: "ArchiveS3BucketRules"
    }
  ],
  Tags: [
    {
      Key: "Environment",
      Value: "Production"
    },
    {
      Key: "Department",
      Value: "Engineering"
    }
  ]
});

Adopting Existing Resources

Create an AccessAnalyzer that adopts an existing resource if it already exists.

const adoptExistingAnalyzer = await AWS.AccessAnalyzer.Analyzer("myAdoptAnalyzer", {
  Type: "ACCOUNT",
  AnalyzerName: "MyAdoptAnalyzer",
  adopt: true
});

Configuring Analyzer with Specific Settings

Set up an AccessAnalyzer with specific configuration settings for enhanced analysis.

const configuredAnalyzer = await AWS.AccessAnalyzer.Analyzer("myConfiguredAnalyzer", {
  Type: "ORGANIZATION",
  AnalyzerConfiguration: {
    ArchiveRules: [
      {
        RuleName: "MyArchiveRule",
        Filter: {
          "resourceType": "AWS::IAM::Role"
        }
      }
    ]
  }
});