Table: aws_accessanalyzer_analyzer

AWS Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. Access Analyzer identifies resources that are shared with external principals by using logic-based reasoning to analyze the resource-based policies in your AWS environment.

Examples

Basic info

select
  name,
  last_resource_analyzed,
  last_resource_analyzed_at,
  status,
  type
from
  aws_accessanalyzer_analyzer;

List analyzers which are enabled

select
  name,
  status last_resource_analyzed,
  last_resource_analyzed_at,
  tags
from
  aws_accessanalyzer_analyzer
where
  status = 'ACTIVE';

List analyzers with findings that need to be resolved

select
  name,
  status,
  type,
  last_resource_analyzed
from
  aws_accessanalyzer_analyzer
where
  status = 'ACTIVE'
  and findings is not null;

Control examples

.inspect aws_accessanalyzer_analyzer

AWS Access Analyzer

Name	Type	Description
_ctx	jsonb	Steampipe context in JSON form, e.g. connection_name.
account_id	text	The AWS Account ID in which the resource is located.
akas	jsonb	Array of globally unique identifier strings (also known as) for the resource.
arn	text	The ARN of the analyzer.
created_at	timestamp with time zone	A timestamp for the time at which the analyzer was created.
findings	jsonb	A list of findings retrieved from the analyzer that match the filter criteria specified, if any.
last_resource_analyzed	text	The resource that was most recently analyzed by the analyzer.
last_resource_analyzed_at	timestamp with time zone	The time at which the most recently analyzed resource was analyzed.
name	text	The name of the Analyzer.
partition	text	The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text	The AWS Region in which the resource is located.
status	text	The status of the analyzer.
status_reason	text	The statusReason provides more details about the current status of the analyzer.
tags	jsonb	A map of tags for the resource.
title	text	Title of the resource.
type	text	The type of analyzer, which corresponds to the zone of trust chosen for the analyzer.

turbot/aws