The AWS::AccessAnalyzer::Analyzer type specifies an analyzer of the user's account.
To use awscc_accessanalyzer_analyzer on a single AWS account:
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
resource "awscc_accessanalyzer_analyzer" "this" {
  analyzer_name = "example"
  type          = "ACCOUNT"
}
To enable awscc_accessanalyzer_analyzer at the organization level, modify the example below to match your AWS organization configuration.
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
resource "aws_organizations_organization" "this" {
  aws_service_access_principals = ["access-analyzer.amazonaws.com"]
}

resource "awscc_accessanalyzer_analyzer" "this" {
  analyzer_name = "example"
  type          = "ORGANIZATION"
}
type
(String) The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS
analyzer_configuration
(Attributes) The configuration for the analyzer (see below for nested schema)
analyzer_name
(String) Analyzer name
archive_rules
(Attributes List) (see below for nested schema)
tags
(Attributes Set) An array of key-value pairs to apply to this resource. (see below for nested schema)
arn
(String) Amazon Resource Name (ARN) of the analyzer
id
(String) Uniquely identifies the resource.

Nested schema for analyzer_configuration
Optional:
unused_access_configuration
(Attributes) The Configuration for Unused Access Analyzer (see below for nested schema)

Nested schema for analyzer_configuration.unused_access_configuration
Optional:
unused_access_age
(Number) The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.

Nested schema for archive_rules
Required:
filter
(Attributes List) (see below for nested schema)
rule_name
(String) The archive rule name

Nested schema for archive_rules.filter
Required:
property
(String)
Optional:
contains
(List of String)
eq
(List of String)
exists
(Boolean)
neq
(List of String)

Nested schema for tags
Required:
key
(String) The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
value
(String) The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Import is supported using the following syntax:
$ terraform import awscc_accessanalyzer_analyzer.example <resource ID>
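
The nested attributes from the schema above, combined in one configuration. This is an added example, not taken from the provider documentation; the analyzer and rule names, the tag, the account ID 111122223333 and the filter properties principal.AWS and resourceType are assumptions chosen for illustration and are not listed on this page.

```hcl
# Added example. Unused-access analyzer: flags access that has not been
# used within the configured number of days.
resource "awscc_accessanalyzer_analyzer" "unused_access" {
  analyzer_name = "example-unused-access" # illustrative name
  type          = "ACCOUNT_UNUSED_ACCESS"

  analyzer_configuration = {
    unused_access_configuration = {
      unused_access_age = 90 # schema allows 1 to 180 days
    }
  }

  tags = [
    {
      key   = "owner"                # illustrative tag
      value = "security-engineering"
    }
  ]
}

# External-access analyzer with one narrowly scoped archive rule.
resource "awscc_accessanalyzer_analyzer" "external_access" {
  analyzer_name = "example-external-access" # illustrative name
  type          = "ACCOUNT"

  archive_rules = [
    {
      rule_name = "trusted-audit-account-roles" # illustrative name
      filter = [
        {
          property = "principal.AWS"  # assumed filter key, not from this page
          eq       = ["111122223333"] # constructed account ID
        },
        {
          property = "resourceType"   # assumed filter key, not from this page
          eq       = ["AWS::IAM::Role"]
        }
      ]
    }
  ]
}
```

Archive rules automatically archive new findings that match their filter, so each filter should be as specific as the access it is meant to accept.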